[Snort-users] Snort on SCO

Jerry Shenk jas at ...129...
Mon Sep 25 21:12:13 EDT 2000


Nope, wonder if I could just get tcpdump working.  I have a client who
insists on having telnet access to his SCO box through his firewall.  This
was recommended by the company that sold him his e-commerce solution!!  We
have some 'odd port' on his firewall passed through to port 23 on his SCO
box.  Having it on an odd port is a little bit secure but it really ought to
be alarmed so that any time it's accessed, somebody gets a message.  Snort
or a simple tcpdump script could be set up to alarm on the first packet of a
3-way handshake coming in from a non-internal address....probably wouldn't
be a bad idea to get a message on the close of the session either.

----- Original Message -----
From: "Fyodor" <fygrave at ...121...>
To: "Jerry Shenk" <jas at ...129...>
Sent: Monday, September 25, 2000 8:29 PM
Subject: Re: [Snort-users] Snort on SCO


>
> ~ :Has anybody ever used snort on a SCO box?
> ~ :
>
>  Nope, any luck? ;)
>




More information about the Snort-users mailing list