[Snort-users] How do you know...

Colin Wu wucolin at ...2181...
Fri Jun 8 16:56:09 EDT 2001


Over the past few days we have received a number of scans and each time
Snort picks it up just fine.  My questions is: Other than going over the
log line-by-line, how can I tell if a system on my network answered the
probe and is now a candidate for compromise.  My network is a /16 so
it's not a small problem.  I'm thinking it may mean writing my own log
scanner but just wanted to check with you folks in case someone's
already invented the wheel.

Thanks.

--

   __     _             _            Network Analyst
  /  )   //            ' )   /       Computing & Information Services
 /    __|/  o ____      / / / . .    McMaster University
(__/ (_) \_<_/ / <_    (_(_/ (_/_    (905)525-9140 ext 24050
                                     http://netman.McMaster.CA






More information about the Snort-users mailing list