[Snort-users] Aurora Exploit Attempt Alert One Hour Delay

Mike Miller mike at ...16027...
Thu Jan 23 17:09:35 EST 2014


What's the SID for the rule?


On Thu, Jan 23, 2014 at 2:41 PM, Latonya Hall <lhall at ...16550...> wrote:

> I am tailing the file.
> On Jan 23, 2014 4:28 PM, "Mike Miller" <mike at ...16027...> wrote:
>
>> Is it really an hour difference (are you tailing the file live), or could
>> there be some time skew due to Timezone, Daylight Savings, or misconfigured
>> clocks?
>>
>>
>> On Thu, Jan 23, 2014 at 12:45 PM, LaTonya Hall <lhall at ...16550...> wrote:
>>
>>> Fast alert to a text file.
>>>
>>> *LaTonya Hall*
>>>
>>> *Vahna, Inc. | Cyber Security Solutions*
>>> 202.803.6900 x104
>>> 1211 Connecticut Ave NW
>>> Suite 250
>>> Washington, DC 20036
>>> www.vahna.com
>>>
>>>
>>>
>>>
>>> On Jan 23, 2014, at 2:43 PM, Kevin Ross <kevross33 at ...14012...>
>>> wrote:
>>>
>>> How are you logging this? It is likely either timezone stuff on local
>>> system, in barnyard or if using something like Snorby the correct timezone
>>> not being set such as GMT. So while the alert is generated the time is
>>> appearing as 1 hour later.
>>>
>>>
>>> On 23 January 2014 16:28, LaTonya Hall <lhall at ...16550...> wrote:
>>>
>>>> There is about a one hour delay from exploit attempt to snort alert...any
>>>> ideas?
>>>>
>>>> *-LaTonya*
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>>
>>>> Please visit http://blog.snort.org to stay current on all the latest
>>>> Snort news!
>>>>
>>
>>
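
Added example, not part of the thread and not Snort's own code: a small check that separates the two explanations raised above, a line that really reaches the fast-alert file late versus a line that arrives on time but carries a stamp shifted by a whole number of hours (time zone or DST). It assumes the default alert_fast stamp format `MM/DD-HH:MM:SS.usec`; the function names, the sample line and its SID are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Default alert_fast stamp: MM/DD-HH:MM:SS.usec, with no year and no time zone.
TS_RE = re.compile(r"^(\d{2})/(\d{2})-(\d{2}):(\d{2}):(\d{2})\.(\d{6})\s")

def parse_fast_ts(line, near):
    """Parse the stamp of one alert_fast line, taking the year from `near`."""
    m = TS_RE.match(line)
    if not m:
        raise ValueError("not an alert_fast line: %r" % line[:40])
    mo, d, h, mi, s, us = map(int, m.groups())
    ts = datetime(near.year, mo, d, h, mi, s, us)
    # The stamp has no year: fix the guess when the test straddles New Year.
    if ts - near > timedelta(days=183):
        ts = ts.replace(year=near.year - 1)
    elif near - ts > timedelta(days=183):
        ts = ts.replace(year=near.year + 1)
    return ts

def classify(line, sent, seen, tol=timedelta(seconds=90)):
    """sent: when the test traffic was sent; seen: when `tail -f` showed the
    line. Both are naive datetimes read from the same analyst clock."""
    stamp = parse_fast_ts(line, sent)
    if seen - sent > tol:
        # The line itself appeared late, whatever its stamp says.
        return ("late_write", int((seen - sent).total_seconds()))
    gap = stamp - sent
    if abs(gap) <= tol:
        return ("in_sync", 0)
    hours = round(gap.total_seconds() / 3600)
    if hours != 0 and abs(gap - timedelta(hours=hours)) <= tol:
        # Whole-hour gap on a line that arrived on time: zone or DST mismatch.
        return ("zone_offset_hours", hours)
    return ("clock_drift", int(gap.total_seconds()))

# Constructed sample line (placeholder SID and message, not from the thread).
SAMPLE = ("01/23-17:28:05.120000  [**] [1:1000001:1] CONSTRUCTED sample alert "
          "[**] [Priority: 1] {TCP} 192.0.2.10:49152 -> 192.0.2.20:80")

if __name__ == "__main__":
    sent = datetime(2014, 1, 23, 16, 28, 0)
    print(classify(SAMPLE, sent, sent + timedelta(seconds=5)))
```

A `late_write` result points at buffering or processing between sensor and file; `zone_offset_hours` points at the sensor or viewer clock settings.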