[Snort-users] Aurora Exploit Attempt Alert One Hour Delay

Mike Miller mike at ...16027...
Thu Jan 23 16:28:05 EST 2014


Is it really an hour difference (are you tailing the file live), or could
there be some time skew due to Timezone, Daylight Savings, or misconfigured
clocks?


On Thu, Jan 23, 2014 at 12:45 PM, LaTonya Hall <lhall at ...16550...> wrote:

> Fast alert to a text file.
>
> *LaTonya Hall*
>
> *Vahna, Inc. | Cyber Security Solutions*
> 202.803.6900 x104
> 1211 Connecticut Ave NW
> Suite 250
> Washington, DC 20036
> www.vahna.com
>
>
>
>
> On Jan 23, 2014, at 2:43 PM, Kevin Ross <kevross33 at ...14012...> wrote:
>
> How are you logging this? It is likely either timezone stuff on local
> system, in barnyard or if using something like Snorby the correct timezone
> not being set such as GMT. So while the alert is generated the time is
> appearing as 1 hour later.
>
>
> On 23 January 2014 16:28, LaTonya Hall <lhall at ...16550...> wrote:
>
>> There is about a one hour delay from exploit attempt to snort alert…any
>> ideas?
>>
>> *-LaTonya*
>>
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!
>>
>
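Added example, not part of the original thread: a way to tell a constant timezone or DST skew from a real detection delay when alerts go to a fast-alert text file. It assumes the Snort 2 `alert_fast` timestamp layout (`MM/DD-HH:MM:SS.usec`, with `/YY` when Snort runs with `-y`) and that you have trusted UTC send times for some test events; the function names and sample lines are constructed for illustration, and the sample models an analyst reading the file as EST (UTC-5) while the sensor clock writes UTC-4.

```python
import re
from datetime import datetime, timedelta, timezone

# Snort 2 alert_fast timestamp: MM/DD-HH:MM:SS.usec (MM/DD/YY-... with -y); no timezone.
TS_RE = re.compile(r"^(\d\d)/(\d\d)(?:/(\d\d))?-(\d\d):(\d\d):(\d\d)\.(\d{6})\s")
HALF_HOUR = timedelta(minutes=30)

def parse_fast_alert_ts(line, default_year):
    """Return the alert's wall-clock time as a naive datetime, or None."""
    m = TS_RE.match(line)
    if not m:
        return None
    mon, day, yy, hh, mi, ss, us = m.groups()
    year = 2000 + int(yy) if yy else default_year
    return datetime(year, int(mon), int(day), int(hh), int(mi), int(ss), int(us))

def implied_utc_offset(event_utc, alert_wall, tolerance=timedelta(minutes=2)):
    """UTC offset (hours) that explains the gap, or None if it is not a clean offset."""
    gap = alert_wall - event_utc.astimezone(timezone.utc).replace(tzinfo=None)
    steps = round(gap / HALF_HOUR)
    if abs(gap - steps * HALF_HOUR) > tolerance:
        return None
    return steps / 2

def diagnose(pairs, assumed_offset_hours, default_year):
    """pairs: (trusted event time in UTC, fast-alert line). Returns a verdict string."""
    offsets = set()
    for event_utc, line in pairs:
        wall = parse_fast_alert_ts(line, default_year)
        if wall is None:
            return "unparseable alert line"
        offsets.add(implied_utc_offset(event_utc, wall))
    if None in offsets or len(offsets) != 1:
        return "real delay or drifting clock"
    skew = offsets.pop() - assumed_offset_hours
    return "timestamps agree" if skew == 0 else f"constant skew of {skew:+g} h"

# Constructed sample: events sent at known UTC times; alert lines invented for the demo.
SAMPLE = [
    (datetime(2014, 1, 23, 21, 28, 3, tzinfo=timezone.utc),
     "01/23-17:28:05.101010  [**] [1:1000001:1] constructed test alert [**] "
     "[Priority: 1] {TCP} 192.0.2.10:40000 -> 192.0.2.20:80"),
    (datetime(2014, 1, 23, 21, 40, 0, tzinfo=timezone.utc),
     "01/23-17:40:01.202020  [**] [1:1000001:1] constructed test alert [**] "
     "[Priority: 1] {TCP} 192.0.2.10:40001 -> 192.0.2.20:80"),
]

if __name__ == "__main__":
    print(diagnose(SAMPLE, assumed_offset_hours=-5, default_year=2014))
```

The same offset across several alerts points at clock or timezone configuration; gaps that differ from alert to alert point at processing delay or a drifting clock.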