[Snort-users] ALERT in logs

Helio Coelho Jr. - CompuLand ISP Admin helio at ...119...
Wed Sep 13 13:22:32 EDT 2000


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 13-Sep-2000 Martin Roesch wrote:
> If there's an alert rule that doesn't have a "msg" keyword in it, the default
> message is "ALERT".

I've done a 'cat 07062kany.rules | grep -v msg' and the result does not
show any rule without the 'msg' keyword.

>  It sounds like that's what you're seeing.  Do you have
> any custom rules?

No...
The curious thing is that it only happens to traffic toward the IRC server.
It uses the ports 6665,6666,6667,6668,6669,7000,7001,7002,8000,8001,8002
and 9000,9001,9002. But none of those ports are listed in the ruleset :( .

Thanks,
Helio.

- -- 
CompuLand ISP Admin
GnuPG Public Key: http://www.compuland.com.br/helio/gpgpublic.txt
- --
Q:      How many Zen masters does it take to screw in a light bulb?
A:      None.  The Universe spins the bulb, and the Zen master stays out
        of the way.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE5v7fYs4JCXSskkw8RAlnBAJ48lBvp76taVZUcZFJrch3wQN4x3gCgqxtH
4lO7VWXLuuw4mIYeyw7Tl6Q=
=QfnT
-----END PGP SIGNATURE-----
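
The check discussed in this thread, as an added example (not part of the original messages and not Snort's own code): a line-based `grep -v msg` can mislead when a rule is continued across lines with a trailing backslash or when the string "msg" appears inside a quoted option value, so this Python script parses each rule's options and lists `alert` rules that have no `msg` keyword. The sample ruleset and the function names are constructed for illustration, and backslash continuation is assumed to be supported by the Snort version in use.

```python
# Constructed sample ruleset for illustration (not from the thread).
SAMPLE_RULES = r'''
alert tcp any any -> any 6667 (content:"USER"; flags:PA;)
log udp any any -> any 53 (content:"version";)
alert tcp any any -> any 21 \
    (content:"site exec"; \
     msg:"FTP site exec";)
alert icmp any any -> any any (itype:8; content:"msg";)
'''

def logical_lines(text):
    """Yield (first_line_no, rule), joining backslash-continued lines."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        buf, start = buf + line, start or n
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
        else:
            yield start, buf
            buf, start = "", None

def option_keywords(rule):
    """Return the rule's option keywords, ignoring quoted values."""
    start, end = rule.find("("), rule.rfind(")")
    body = rule[start + 1:end] if 0 <= start < end else ""
    keywords, token, in_quote, escaped = set(), "", False, False
    for ch in body + ";":
        if in_quote:
            in_quote = escaped or ch != '"'
            escaped = ch == "\\" and not escaped
        elif ch == '"':
            in_quote = True
        elif ch == ";":
            keywords.add(token.split(":", 1)[0].strip().lower())
            token = ""
        else:
            token += ch
    return keywords - {""}

def alerts_without_msg(text):
    """List (line_no, rule) for alert rules that have no msg option."""
    return [(n, r) for n, r in logical_lines(text)
            if r.lower().split()[:1] == ["alert"]
            and "msg" not in option_keywords(r)]

for n, r in alerts_without_msg(SAMPLE_RULES):
    print(f"line {n}: {r}")
```

On the sample, the multi-line rule is correctly treated as having a `msg`, while the ICMP rule whose content merely contains the text "msg" is reported, which is the case a plain `grep -v msg` would hide.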