Friday, November 26, 2004

What am I posting so late in the night?

Well, been busy with studies (for those who don't know, I am doing my CCNP :) )

I am also setting up Snort, an IDS, and believe me, the results are amazing.

Just posting a snip from the logs below. I have changed the IP address to hide identity.

[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
11/25-11:10:26.653596 W.X.Y.Z:4020 -> A.B.C.D:1434
UDP TTL:112 TOS:0x0 ID:30488 IpLen:20 DgmLen:404
Len: 376
[Xref => http://vil.nai.com/vil/content/v_99992.htm][Xref => http://cgi.nessus.org/plugins/dump.php3?id=11214][Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311][Xref => http://www.securityfocus.com/bid/5310]


This is just a basic install of Snort with the latest rules. Now what needs to be done is to start logging the events to a MySQL database and also install ACID to have a better view of the logs.

Will soon be posting the screenshots of the same, and once I have fully gone through Snort I will post on how I did it.


Nitin
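
A small parser for the full-alert text format shown in the log snip above, added here as an example and not part of the original post. It turns each alert block into a structured record (rule id, priority, endpoints, references) that can be filtered or counted; the function and field names are my own, and the sample is the post's alert with its placeholder addresses kept.

```python
import re

# Alert from the post (addresses are the post's placeholders;
# two of its five Xrefs are kept to keep the sample short).
SAMPLE = """\
[**] [1:2003:8] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
11/25-11:10:26.653596 W.X.Y.Z:4020 -> A.B.C.D:1434
UDP TTL:112 TOS:0x0 ID:30488 IpLen:20 DgmLen:404
Len: 376
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=2002-0649][Xref => http://www.securityfocus.com/bid/5311]
"""

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
CLASS = re.compile(r"^\[Classification: (.*?)\] \[Priority: (\d+)\]$")
FLOW = re.compile(r"^(\S+) (\S+?)(?::(\d+))? -> (\S+?)(?::(\d+))?$")
PROTO = re.compile(r"^([A-Z][A-Z0-9-]*) TTL:(\d+) ")
XREF = re.compile(r"\[Xref => ([^\]\s]+)\]")


def parse_alerts(text):
    """Split full-mode alert text into one dict per alert block."""
    alerts, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:  # a "[**] ... [**]" line starts a new alert
            cur = {"gid": int(m[1]), "sid": int(m[2]), "rev": int(m[3]),
                   "msg": m[4], "xrefs": []}
            alerts.append(cur)
            continue
        if cur is None or not line:
            continue  # skip blanks and anything before the first header
        if m := CLASS.match(line):
            cur["classification"], cur["priority"] = m[1], int(m[2])
        elif m := FLOW.match(line):
            cur["timestamp"], cur["src"], cur["dst"] = m[1], m[2], m[4]
            # ICMP alerts carry no ports, so these stay None
            cur["sport"] = int(m[3]) if m[3] else None
            cur["dport"] = int(m[5]) if m[5] else None
        elif m := PROTO.match(line):
            cur["proto"], cur["ttl"] = m[1], int(m[2])
        else:
            cur["xrefs"].extend(XREF.findall(line))
    return alerts


if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE):
        print(alert)
```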
