[Snort-users] Anyone have problems with aanval?

Michael Scheidell scheidell at ...5171...
Fri Jan 27 03:34:05 EST 2006


> -----Original Message-----
> From: Nerijus Krukauskas [mailto:nkrukauskas at ...11827...] 
> Sent: Friday, January 27, 2006 3:01 AM
> To: Snort Users
> Cc: Michael Scheidell
> Subject: Re: [Snort-users] Anyone have problems with aanval?
> 
> 
> On 27/01/06, Michael Scheidell <scheidell at ...5171...> wrote:
> >
> > We traced a very large data transfer from the host we had running 
> > aanval to 82.165.229.52
> >
> > Interesting thing about that ip address:
> > host www.aanval.com
> > www.aanval.com is a nickname for aanval.com
> > aanval.com has address 82.165.229.52
> > aanval.com mail is handled (pri=10) by mail.aanval.com
> 
>   82.165.229.51 is also known as oad.aanval.com. OAD stands 
> for 'Offender Analysis Database'. And default install of 
> aanval console sends lots of data to that database. In 
> aanval console go Aanval -> System Options -> Processor 
> Options -> uncheck the 'Offender Analysis Database' option -> 
> press 'Update Options' -> see how the traffic to oad.aanval.com stops.

21GB?  7 hours?  Do the math, that will saturate two T1s for 7 hours.

And besides, we turned it off in system options the day we installed it.
Did RTFM.

Thanks for playing, next player?

> 
>   I suggest that you RTFM more prior to installing something. :) 
> Navigate yourself through 
> http://www.theadamsfamily.net/~erek/snort/drinking_game.txt 
> and get a headache in the 
> morning (hint: I think this is answered in documentation, at 
> least). :)



