[Snort-users] Was my host hijacked?
z0079 at ...9350...
Mon Jun 2 17:26:06 EDT 2003
Matt Kettler wrote:
> What source and destination ports were used? This will tell you a
> whole lot more about what is really going on.
Cool... I think the events were, indeed, just normal web surfing and
> For example, the events to 220.127.116.11 are likely just you surfing
> websites and opening pages with lots of images on them.
I think that was not the case... Which begs the question: is there a way
to make SNORT less "frightened" -- i.e. to increase a threshold?
More information about the Snort-users