[Snort-users] resp 2?

Neil Dickey neil at ...1633...
Wed May 16 14:09:33 EDT 2001

"Ben Johansen" <benj at ...2026...> wrote asking:

>Apparently when I responded to the last it went to the individual instead
>of the list. ??

No, I just replied off-list.  There's no particular reason.  ;-)

>I guess the main question for me now is: Now that I see the hack attempts,
>what do I do with them?

I presume from your question that Snort is now loading and the response feature
is working?

Anyway, if you are seeing portscans and other evidence of hacking in your logs
then there are some things you can do with the information, but you probably
won't find them very satisfying in that your antagonist doesn't get vaporized.

One thing to do is to make sure your system software is configured for maximum
security.  If I recall correctly you're using some sort of Windows OS, so you
might want to look into a software firewall such as ZoneAlarm to help keep the
BadGuys(TM) at bay.  This package is free for personal use, and a modest fee
gets you a full-featured version.  There are others, but this is one I'm familiar
with and it's very good.

Make sure that software with known security problems, such as Outlook and Outlook
Express, is rendered harmless.  If you are running an IIS webserver, go to the
Micro$oft site immediately and find out how to keep it from getting hacked.  Don't
let *anything* on your system automatically open attachments or run scripts without
letting you know first and asking for permission.  Backdoors come wrapped in pretty

Make sure your patches are up-to-date, *especially* those having to do with

There are some websites where you can report scanning and hacking attempts.  One
is ...


... the related BugTraq site, which has a link library ...


... and another at ...


There are more, but these are good places to get started.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois

