[Snort-sigs] quick question about Snort + ACID on FreeBSD
delusi0n at ...799...
delusi0n at ...799...
Tue Sep 2 08:46:02 EDT 2003
It is not connected to a switch. its connected to a hub. I will get that plug and play disabled. but thats not what the problem is, the problem is that it log's local traffic, and i would like to make it not log local traffic. How do i do that? And also, it doesnt seem to log much from the outside because i didnt get much alerts at all when it ran 4 days striaght. I jsut got some ICMP's from my ISP's DNS servers, and some other ip which came from my ISP's subnet. Could it be that my firewall is blocking everything before it gets to SNORT? let me know. Thanks.
> From: Irwan Hadi <irwanhadi at ...1830...>
> Date: 2003/09/02 Tue AM 04:41:59 EDT
> To: "<-delusion->" <delusi0n at ...799...>
> CC: snort-sigs at lists.sourceforge.net
> Subject: Re: [Snort-sigs] quick question about Snort + ACID on FreeBSD
> On Tue, Sep 02, 2003 at 01:13:08AM -0400, <-delusion-> wrote:
> > Hi, I just set up SNORT on my network, i have it logging to a MySQL database, and i got ACID so that i can view the alerts easily. One problem i am having is that it logs traffic from my network, which i dont want. How can i turn this off? Acid has like 500+ alerts already from one of my windows boxes saying this..
> > [snort] SCAN UPNP service discover attempt 2003-08-31 19:27:15 192.168.0.91:1040 192.168.0.1:1900 UDP
> > And their all the same from the same ip, and same type of sig.
> > Another thing is, i dont think its been properly setup or something, because its not logging much.. Its been running for the past 4 days, I've been connected all the time, and it only logged the local traffic, and some ICMP traffic. I got 0% TCP, 93% UDP, and 7% ICMP. Theres only like 30 ICMP alerts, and they seem pretty harmless. I am expecting alot more alerts to come in, since im always-on.
> Is it connected to a switch? If it so, read FAQ 1.8
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
More information about the Snort-sigs