[Snort-users] Anyone have problems with aanval?
scheidell at ...5171...
Fri Jan 27 03:34:05 EST 2006
> -----Original Message-----
> From: Nerijus Krukauskas [mailto:nkrukauskas at ...11827...]
> Sent: Friday, January 27, 2006 3:01 AM
> To: Snort Users
> Cc: Michael Scheidell
> Subject: Re: [Snort-users] Anyone have problems with aanval?
> On 27/01/06, Michael Scheidell <scheidell at ...5171...> wrote:
> > We traced a very large data transfer from the host we had running
> > aanval to 220.127.116.11
> > Interesting thing about that ip address:
> > host www.aanval.com
> > www.aanval.com is a nickname for aanval.com
> > aanval.com has address 18.104.22.168
> > aanval.com mail is handled (pri=10) by mail.aanval.com
> 22.214.171.124 is also known as oad.aanval.com. OAD stands
> for 'Offender Analysis Database'. And default install of
> aanval console sends lots of data to that database. In
> aanval console go Aanval -> System Options -> Processor
> Options -> uncheck the 'Offender Analysis Database' option ->
> press 'Update Options' -> see how the traffic to oad.aanval.com stops.
21GB? 7 hours? Do the math, that will saturate two T1s for 7 hours.
And besides, we turned it off in system options the day we installed it.
Thanks for playing, next player?
> I suggest that you RTFM more prior to installing something. :)
> Navigate yourself through
> http://www.theadamsfamily.net/~erek/snort/drinking_game.txt
> and get a headache in the
> morning (hint: I think this is answered in documentation, at
> least). :)