[Snort-users] SNORT Newbie

Adam Kliarsky 360air at ...5068...
Sun Feb 13 21:10:26 EST 2005

Joel - 
Snort uses class-types in it's rules to help classify attacks (alerts).
Normally these are defined in the classification.config file used by Snort.
Not sure how it's set up w/ Kerio.
There are several different class-types - 'successful-user' means that
according to the rule that was triggered, user privileges were gained in the

Hope that helps - 

- Adam

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
joel at ...13033...
Sent: Sunday, February 13, 2005 8:01 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] SNORT Newbie


I'm a total and complete newbie to Snort.  I know your level of knowledge is
WAY over my head.  But I've got a concern and I'm hoping you can help
explain something to me

I use Kerio Firewall w/ AVG anti-virus on my computer.  It appears that
Kerio uses Snort to prevent intrusions or something like that.

When I click on "Intrusions" within the Kerio program, and then click on the
details of the "High Priority Intrusions" and the "IDS details" window comes
up listing "Attacks" and "Class".  IE

Attack					Class
BACKDOOR Trojan active Whackjob	successful-user

It's a rather long list, with most of the trojans being classed as
"successful-user".  What is this telling me?


SF email is sponsored by - The IT Product Guide Read honest & candid reviews
on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list