[Snort-users] Nice result with Snort.

Jan Hugo Prins jhp at ...1226...
Mon Jan 29 13:50:36 EST 2001


Hi everyone,

Today I had a nice result from Snort. 

Yesterday evening someone tried a Naptha DoS attack on my port 22. This was 
perfectly logged in both the alert file and the MySQL database (about 2200 
packets). The guy that did this had masked his IP address and the destination 
address. But what he didn't mask (and is probably much more difficult to mask) 
was his hardware address, so by doing a search in my logfiles I finally found 2 
packets from someone doing a portscan at his system with his IP address clearly 
stated. 

The only thing that remained was sending an abuse mail to his provider. Haven't 
heard from them yet but I have good hope that they will notify me about any 
results. 

Greetings,
J.H. Prins
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: alert.log
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010129/4f6e4ec5/attachment.ksh>

