[Snort-users] Was my host hijacked?

Luiz-Otavio Zorzella z0079 at ...9350...
Mon Jun 2 17:26:06 EDT 2003


Matt Kettler wrote:

> What source and destination ports were used? This will tell you a 
> whole lot more about what is really going on.

Cool... I think the events were, indeed, just normal web surfing and 
"bind" stuff.

> For example, the events to  64.141.14.2 are likely just you surfing 
> websites and opening pages with lots of images on them. 

I think that was not the case... Which begs the question: is there a way 
to make SNORT less "frightened" -- i.e. to increase a threshold?

Zorzella





More information about the Snort-users mailing list