[Snort-users] exporting snort logs

Basselgia, Barry A Mr (NAF Atsugi) BABasselgia at ...12104...
Tue Nov 23 16:22:02 EST 2004

Can't help with the export thing.

But, on your question regarding "communications administratively
prohibited".  This means the router that is sending the messages is
configured to block your network/ip address.  The only way to correct this
would be to identify who the router(s) belongs to and contact them to find
out why your being blocked.  So, this isn't really a "False Alarm".  And
obviously, if you have 100,000 hits something on your network is trying to
get through those routers.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Endre
Sent: Tuesday, November 23, 2004 8:36 PM
To: snort-users at lists.sourceforge.net
Cc: Andras Kalmar
Subject: [Snort-users] exporting snort logs

Also, how you guys manage to identify false alarms? I am getting alerts for
"communication administratively prohibited" or something like that from a
few routers outside of our network for 19 IP addresses (8 machines) from
our network - there are like 140 machines - and this is up to almost
100,000. I did not manage to determinde yet what is causing this huge
amount of alerts... tcpdump looks pretty encrypted to me, didn't see
anything interesting yet just lots of packets towards our proxy server and
to some exchange server...

Any hints on how to do this? Perhaps some tools ... ?



ADDRESSEE and may contain confidential and privileged information. If the
reader of this message is not the intended recipient, you are notified that
any dissemination, distribution or copy of this communication is strictly
prohibited. If you have received this message by error, please notify us
immediately, return the original mail to the sender and delete the message
from your system."

SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now. 
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

This message has been scanned for viruses and dangerous
content by the NAF Atsugi MailScanner.

More information about the Snort-users mailing list