[Wolves] Snort fun and games
Jayne Heger
jayne@sphynx.clara.co.uk
Thu Aug 22 20:29:01 2002
> - I have got the system set up and it says there are
> 0 alerts. Could someone suggest some tests I can use
> to attack my own machine so I can check if some alerts
> are being generated. I tried to nmap my machine with
> nmap -O 127.0.0.1 but it did not show up as
> portscanning traffic.
>
> - Is there a way I can make the machine beep when an
> alert is generated?
I use Snort on a Smoothwall box. I don't know of any tools like nmap or
chkrootkit you could use for Snort.
But a few weeks ago I joined a mailing list for FreeSwan, as my boyfriend and
I are currently trying to set up a VPN connection, and the amount of
alerts I have had, with people sending viruses (the mailing list is unmoderated)
and it appearing in my Snort logs. For example :-

Date:       08/19 16:13:07
Name:       Virus - Possible scr Worm
Priority:   3
Type:       Misc activity
IP info:    195.8.69.217:110 -> 217.158.132.78:61002
References: none found

Date:       08/19 16:14:33
Name:       Virus - Possible pif Worm
Priority:   3
Type:       Misc activit
IP info:    195.8.69.217:110 -> 217.158.132.78:61002
References: none found

It also logs MSM chat info BTW so I am actually going to comment out those
warnings in my log files as they are taking up too much space.
Good luck,
Jayne