[Snort-users] Nice result with Snort.
Jan Hugo Prins
jhp at ...1226...
Mon Jan 29 13:50:36 EST 2001
Today I had a nice result from Snort.
Yesterday evening someone tried a Naptha DoS attack on my port 22. This was
perfectly logged in both the alert file and the MySql database (about 2200
packets). The guy that did this had masked his IP adres and the destination
adres. But what he didn't mask (and is probebly much more difficult to mask)
was his hardware adres so by doing a search in my logfiles I finally found 2
packets from someone doing a portscan at his system with his IP adres clearly
The only thing that rested was sending a abuse mail to his profider. Haven't
heard from them yet but I have a good hope that they will notice me about any
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the Snort-users