[Snort-users] resp 2?
neil at ...1633...
Wed May 16 14:09:33 EDT 2001
"Ben Johansen" <benj at ...2026...> wrote asking:
>Apparently when I responded to the last it went to the individual instead
>of the list. ??
No, I just replied off-list. There's no particular reason. ;-)
>I guess the main question for me now is: Now that I see the hack attempts
>what do I do with them?
I presume from your question that Snort is now loading and the response feature
Anyway, if you are seeing portscans and other evidence of hacking in your logs
then there are some things you can do with the information, but you probably
won't find them very satisfying in that your antagonist doesn't get vaporized.
One thing to do is to make sure your system software is configured for maximum
security. If I recall correctly you're using some sort of Windows OS, so you
might want to look into a software firewall such as ZoneAlarm to help keep the
BadGuys(TM) at bay. This package is free for personal use, and a modest fee
gets you a full-featured version. There are others, but this is one I'm familiar
with and it's very good.
Make sure that software with known security problems, such as Outlook and Outlook
Express, is rendered harmless. If you are running an IIS webserver, go to the
Micro$oft site immediately and find out how to keep it from getting hacked. Don't
let *anything* on your system automatically open attachments or run scripts without
letting you know first and asking for permission. Backdoors come wrapped in pretty
Make sure your patches are up-to-date, *especially* those having to do with
There are some websites where you can report scanning and hacking attempts. One
... the related BugTraq site, which has a link library ...
... and another at ...
There are more, but these are good places to get started.
Neil Dickey, Ph.D.
Northern Illinois University