[Snort-users] Aurora Exploit Attempt Alert One Hour Delay

Latonya Hall lhall at ...16550...
Thu Jan 23 16:41:57 EST 2014


I am tailing the file.
On Jan 23, 2014 4:28 PM, "Mike Miller" <mike at ...16027...> wrote:

> Is it really an hour difference (are you tailing the file live), or could
> there be some time skew due to Timezone, Daylight Savings, or misconfigured
> clocks?
>
>
> On Thu, Jan 23, 2014 at 12:45 PM, LaTonya Hall <lhall at ...16550...> wrote:
>
>> Fast alert to a text file.
>>
>> *LaTonya Hall*
>>
>> *Vahna, Inc. | Cyber Security Solutions*
>> 202.803.6900 x104
>> 1211 Connecticut Ave NW
>> Suite 250
>> Washington, DC 20036
>> www.vahna.com
>>
>>
>>
>>
>> On Jan 23, 2014, at 2:43 PM, Kevin Ross <kevross33 at ...14012...> wrote:
>>
>> How are you logging this? It is likely either timezone stuff on local
>> system, in barnyard or if using something like Snorby the correct timezone
>> not being set such as GMT. So while the alert is generated the time is
>> appearing as 1 hour later.
>>
>>
>> On 23 January 2014 16:28, LaTonya Hall <lhall at ...16550...> wrote:
>>
>>> There is about a one hour delay from exploit attempt to snort alert…any
>>> ideas?
>>>
>>> *-LaTonya*
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest
>>> Snort news!
>>>
>>
>
>
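
The timezone question raised in the thread can be checked mechanically. The following is an added example, not code from any poster or from the Snort project: it compares the timestamp on a fast-alert line with a known event time and reports whether the gap looks like a whole-hour clock offset or a genuine delay. It assumes the default Snort 2.x fast-alert timestamp (MM/DD-HH:MM:SS.usec, written without `-y` or `-U`) and that the event time is known in UTC from the test machine; the function names and the sample alert lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Default alert_fast prefix: MM/DD-HH:MM:SS.usec (no year, no zone).
FAST_TS = re.compile(r"^(\d{2})/(\d{2})-(\d{2}):(\d{2}):(\d{2})\.(\d{6})\s")

def parse_fast_ts(line, year):
    """Return the naive wall-clock timestamp at the start of a fast-alert line."""
    m = FAST_TS.match(line)
    if not m:
        raise ValueError("line does not start with a fast-alert timestamp")
    month, day, hour, minute, second, usec = map(int, m.groups())
    return datetime(year, month, day, hour, minute, second, usec)

def classify_delay(alert_line, event_utc, year, tolerance=timedelta(seconds=90)):
    """Classify the gap between a known event time (UTC) and the alert stamp.

    The stamp is read as if it were UTC. A gap within `tolerance` of a
    non-zero whole number of hours points at a timezone/DST/clock offset on
    the sensor or viewer; anything else is a real processing delay.
    Returns (verdict, gap_in_seconds).
    """
    stamp = parse_fast_ts(alert_line, year).replace(tzinfo=timezone.utc)
    gap = stamp - event_utc
    whole_hours = round(gap / timedelta(hours=1))
    residual = abs(gap - timedelta(hours=whole_hours))
    if residual <= tolerance:
        verdict = "in_sync" if whole_hours == 0 else "clock_offset"
    else:
        verdict = "real_delay"
    return verdict, gap.total_seconds()

# Constructed sample data (documentation addresses, made-up rule id).
EVENT_UTC = datetime(2014, 1, 23, 20, 28, 3, tzinfo=timezone.utc)
TAIL = "  [**] [1:1000001:1] CONSTRUCTED test rule [**] [Priority: 1] {TCP} 192.0.2.10:49152 -> 198.51.100.5:80"
OFFSET_LINE = "01/23-21:28:05.118214" + TAIL   # one hour and two seconds later
DELAYED_LINE = "01/23-21:03:40.000000" + TAIL  # 35 min 37 s later
SYNCED_LINE = "01/23-20:28:04.500000" + TAIL   # 1.5 s later

if __name__ == "__main__":
    for line in (OFFSET_LINE, DELAYED_LINE, SYNCED_LINE):
        print(classify_delay(line, EVENT_UTC, 2014))
```

A `clock_offset` verdict means the sensor's `date` output, its TZ setting and whatever displays the alert should be compared before looking for buffering or performance problems.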