[Snort-users] Snort on SCO
jas at ...129...
Mon Sep 25 21:12:13 EDT 2000
Nope, wonder if I could just get tcpdump working. I have a client who
insists on having telnet access to his SCO box through his firewall. This
was recommended by the company that sold him his e-commerce solution!! We
have some 'odd port' on his firewall passed through to port 23 on his SCO
box. Having it on an odd port is a little bit secure but it really ought to
be alarmed so that any time it's accessed, somebody gets a message. Snort
or a simple tcpdump script could be set up to alarm on the first packet of a
3-way handshake coming in from a non-internal address....probably wouldn't
be a bad idea to get a message on the close of the session either.
----- Original Message -----
From: "Fyodor" <fygrave at ...121...>
To: "Jerry Shenk" <jas at ...129...>
Sent: Monday, September 25, 2000 8:29 PM
Subject: Re: [Snort-users] Snort on SCO
> ~ :Has anybody ever used snort on a SCO box?
> ~ :
> Nope, any luck? ;)
More information about the Snort-users