[Klug-general] SNORTing the rabbit hole
Alan @ COMM-TECH
alan at communitytechnology.org.uk
Tue Feb 23 17:52:52 UTC 2010
Found a nifty little utility in the Ubuntu Repo called "harden-nids". It
analyses snort logs daily and emails summaries of attacks or heavy
traffic... can't figure out some of them - can anyone translate?
This one is 10.1.1.10 a Laserjet 4300 - what is that weird destination
address?
EVENTS  SOURCE      DEST             METHOD
1180    10.1.1.10   239.255.255.250  MISC UPnP malformed advertisement
This is an ordinary Linux box - running nothing special with regards to
services... what is that method?
EVENTS  SOURCE      DEST             METHOD
974     10.1.1.182  212.49.203.231   COMMUNITY WEB-MISC mod_jrun overflow attempt
Any ideas?
Alan
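
A summary of the shape quoted above can be rebuilt from raw alerts. This is an added example, not part of the original post or of the harden-nids package. It assumes the alerts are in Snort's "fast" alert format; the sample lines, signature ids and ports are constructed, and the SCOPE column (multicast, private or public destination) is an addition of this example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Snort's "fast" alert format (assumed input format;
# the generator/signature ids and ports are made up for illustration).
SAMPLE = """\
02/23-09:14:01.120001  [**] [1:1:1] MISC UPnP malformed advertisement [**] [Priority: 2] {UDP} 10.1.1.10:1900 -> 239.255.255.250:1900
02/23-09:14:31.120444  [**] [1:1:1] MISC UPnP malformed advertisement [**] [Priority: 2] {UDP} 10.1.1.10:1900 -> 239.255.255.250:1900
02/23-10:02:17.554210  [**] [1:2:1] COMMUNITY WEB-MISC mod_jrun overflow attempt [**] [Priority: 1] {TCP} 10.1.1.182:40312 -> 212.49.203.231:80
this line is not an alert and is skipped
"""

# Signature text sits between the two [**] markers; addresses follow {PROTO}.
ALERT = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<method>.+?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

def scope(addr):
    """Classify an IPv4 address so odd-looking destinations are easier to read."""
    ip = ipaddress.ip_address(addr)
    if ip.is_multicast:
        return "multicast"
    if ip.is_private:
        return "private"
    return "public"

def summarise(text):
    """Count alerts per (source, dest, method), most frequent first."""
    counts = Counter()
    for line in text.splitlines():
        m = ALERT.search(line)
        if m:  # non-alert lines are ignored rather than raising
            counts[(m["src"], m["dst"], m["method"])] += 1
    return [(n, s, d, scope(d), meth) for (s, d, meth), n in counts.most_common()]

def render(rows):
    """Format rows as a fixed-width table like the emailed summary."""
    out = [f"{'EVENTS':<7}{'SOURCE':<16}{'DEST':<17}{'SCOPE':<11}METHOD"]
    out += [f"{n:<7}{s:<16}{d:<17}{sc:<11}{m}" for n, s, d, sc, m in rows]
    return "\n".join(out)

if __name__ == "__main__":
    print(render(summarise(SAMPLE)))
```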