Friday, November 26, 2004

What am I posting so late in the night?

Well, I've been busy with studies (for those who don't know, I am doing my CCNP :) ).

I am also setting up Snort, an IDS, and believe me, the results are amazing.

Just posting a snip from the logs below. I have changed the IP addresses to hide identity.

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
11/25-11:10:26.653596 W.X.Y.Z:4020 -> A.B.C.D:1434
UDP TTL:112 TOS:0x0 ID:30488 IpLen:20 DgmLen:404
Len: 376
[Xref => => => http://cv][Xref =>][Xref => http://www.securityfocus.

This is just a basic install of Snort with the latest rules. What needs to be done now is to start logging the events to a MySQL database and also install ACID to have a better view of the logs.

Will soon be posting the screenshots of the same, and once I have fully gone through Snort I will post on how I did it.
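
As an added example (not code from the original post): a small Python parser that turns the alert text shown above into structured fields, the step that comes before loading events into a database. The function and field names are assumptions chosen for illustration; the sample is the post's alert with its truncated Xref line left out.

```python
import re

# Alert text as shown in the post (addresses already masked by the author;
# the truncated Xref line is left out).
SAMPLE = """\
[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
11/25-11:10:26.653596 W.X.Y.Z:4020 -> A.B.C.D:1434
UDP TTL:112 TOS:0x0 ID:30488 IpLen:20 DgmLen:404
Len: 376
"""

# [**] [generator:signature:revision] message [**]
HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
# The classification part is optional; some rules carry only a priority.
CLASS = re.compile(r"^(?:\[Classification: (.*?)\] )?\[Priority: (\d+)\]$")
# Ports are optional (ICMP alerts have none); addresses may be masked text.
FLOW = re.compile(
    r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+?)(?::(\d+))? -> (\S+?)(?::(\d+))?$")
IPHDR = re.compile(r"^(\w+) TTL:(\d+) TOS:(\S+) ID:(\d+) IpLen:(\d+) DgmLen:(\d+)")


def parse_alerts(text):
    """Return one dict per alert block; blocks are separated by blank lines."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            line = line.strip()
            if m := HEADER.match(line):
                rec.update(gid=int(m[1]), sid=int(m[2]), rev=int(m[3]), msg=m[4])
            elif m := CLASS.match(line):
                rec.update(classification=m[1], priority=int(m[2]))
            elif m := FLOW.match(line):
                rec.update(timestamp=m[1], src=m[2], dst=m[4],
                           sport=int(m[3]) if m[3] else None,
                           dport=int(m[5]) if m[5] else None)
            elif m := IPHDR.match(line):
                rec.update(proto=m[1], ttl=int(m[2]), dgm_len=int(m[6]))
        if "sid" in rec:  # skip fragments that have no alert header
            alerts.append(rec)
    return alerts


if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE):
        print(alert)
```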


