[Snort-users] OT: how to respond to alerts
anders_toll at ...125...
Fri Mar 30 08:36:02 EST 2001
This doesn't really have to do with Snort but is relevant anyway:
How do you respond to the alerts? Send email complaining to RIPE addresses?
Block the users out on gateway/firewall-level?
This morning I found an IP address that has been bad with one of our web
71 different signatures are present for x.x.x.x as a source
1 instances of WEB-FRONTPAGE orders.txt access
1 instances of WEB-MISC /cgi-bin/jj attempt
1 instances of WEB-FRONTPAGE author.exe access
1 instances of WEB-MISC piranha passwd.php3 access
1 instances of WEB-FRONTPAGE form_results access
Typically a scriptkiddie trying to find a hole.
What should be a proper way to deal with this? Should I send an email
complaining together with firewall-logs and snort-logs?
Does it really matter to complain?