[Snort-users] Uh-oh... bad ftp login

Robert E. Leever bel1 at ...358...
Mon Oct 30 16:26:50 EST 2000


me too.  this happened to be version 1.6, & even tho I have
1.6.3 running on other subnets I don't know if they exhibited
the same behaviour.

In my case I got the alert via email within
a few minutes of it's occurring... both were internal 
systems talking to each other [benign, but I'm still 
trimming the rules].  The time on the alert hadn't yet
happened.  Ie got the alert at 09:31, alert says it 
occurred at 10:25.  I just attributed it to the change
from daylight back to standard.  Is snort's clock not 
getting reset except on sig hup or ?.


b;)



Jan, I noticed this with some of our snort sensors today (the few that we don't
kill -HUP every night).  I haven't poked through the source, but it appears to
be related to the time change we just went through this weekend.

--Bill




More information about the Snort-users mailing list