[Snort-users] OT: how to respond to alerts

Chris Heathcote chrish at ...1703...
Fri Mar 30 09:54:27 EST 2001


on 30/3/01 2:36 pm, Anders Toll wrote:

> Typically a scriptkiddie trying to find a hole.
> 
> What should be a proper way to deal with this? Should I send an email
> complaining together with firewall-logs and snort-logs?
> 
> Does it really matter to complain?

It's up to you. You should really report it; if they're working through many
hosts, more evidence means they're more likely to lose their account.

Fwiw, I quite like http://aris.securityfocus.com - it takes your snort logs,
anonymizes them, and will then correlate your attacks with other sysadmins.
It'll even fire off some emails to the relevant ISPs if you deem it worthy.

c.





