[Snort-users] How do you know...
wucolin at ...2181...
Fri Jun 8 16:56:09 EDT 2001
Over the past few days we have received a number of scans and each time
Snort picks it up just fine. My questions is: Other than going over the
log line-by-line, how can I tell if a system on my network answered the
probe and is now a candidate for compromise. My network is a /16 so
it's not a small problem. I'm thinking it may mean writing my own log
scanner but just wanted to check with you folks in case someone's
already invented the wheel.
__ _ _ Network Analyst
/ ) // ' ) / Computing & Information Services
/ __|/ o ____ / / / . . McMaster University
(__/ (_) \_<_/ / <_ (_(_/ (_/_ (905)525-9140 ext 24050
More information about the Snort-users