[Snort-users] ALERT in logs
Helio Coelho Jr. - CompuLand ISP Admin
helio at ...119...
Wed Sep 13 13:22:32 EDT 2000
On 13-Sep-2000 Martin Roesch wrote:
> If there's an alert rule that doesn't have a "msg" keyword in it, the default
> message is "ALERT".
I've done a 'cat 07062kany.rules | grep -v msg' and the result does not
show any rule without the 'msg' keyword.
> It sounds like that's what you're seeing. Do you have
> any custom rules?
The curious thing is that it only happens to traffic toward the IRC server.
It uses the ports 6665,6666,6667,6668,6669,7000,7001,7002,8000,8001,8002
and 9000,9001,9002. But none of those ports are listed in the ruleset :(.
CompuLand ISP Admin
GnuPG Public Key: http://www.compuland.com.br/helio/gpgpublic.txt
Q: How many Zen masters does it take to screw in a light bulb?
A: None. The Universe spins the bulb, and the Zen master stays out
of the way.
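
Added example (not part of the original message and not Snort's own code): a Python check for the condition Martin Roesch describes, alert rules that carry no "msg" option and so log the default "ALERT". It treats msg as an option keyword rather than a substring, skips comments, and joins backslash-continued rules; the sample ruleset and all function names are constructed for illustration.

```python
import re

# Constructed sample ruleset (not taken from the original post).
SAMPLE_RULES = r'''
# alert tcp any any -> any 21 (content:"msg";)   <- commented out, ignored
alert tcp any any -> any 80 (msg:"WEB cgi probe"; content:"/cgi-bin/phf";)
alert tcp any any -> any any (content:"msg: hello"; flags:PA;)
log tcp any any -> any 23 (content:"login";)
alert udp any any -> any 53 \
    (content:"|07|version"; nocase;)
alert tcp any any -> any 6667 (content:"a\;b"; msg : "IRC test";)
'''

def logical_lines(text):
    """Yield (first_line_no, rule), joining backslash continuations and skipping comments."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        start = start or no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None

def option_names(rule):
    """Return the option keywords found inside the rule's parentheses."""
    m = re.search(r"\((.*)\)\s*$", rule)
    if not m:
        return []
    # Blank out quoted strings so ';' or 'msg' inside content values is not misread.
    body = re.sub(r'"(?:\\.|[^"\\])*"', '""', m.group(1))
    return [o.split(":", 1)[0].strip() for o in body.split(";") if o.strip()]

def alerts_without_msg(text):
    """List (line_no, rule) for alert rules that have no msg option."""
    return [(no, rule) for no, rule in logical_lines(text)
            if rule.split()[:1] == ["alert"] and "msg" not in option_names(rule)]

if __name__ == "__main__":
    for no, rule in alerts_without_msg(SAMPLE_RULES):
        print(f"line {no}: {rule}")
```
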