Snort Forums Archive

Logs Analysis


Posted by nongrata on April 19, 2005 07:29:46

Hi,

Does anybody know about a "repository" of network data of networks under attack? What I'm trying to do is to fine-tune some Snort rules and I wanted to test them against network monitors' logs of real attacks. Is there such a repository of raw data?

Thanks,
P.N.

Posted by francescoflora on June 06, 2005 22:53:47

Hi guys,
Analyzing alerts I've found a lot of traffic from different stations marked as (portscan) TCP Portsweep.
What could it be?
Thanks

Posted by chris on June 07, 2005 16:22:32

Hi frances, are the different stations running on the same platforms? You might want to try firing up an Ethereal session on one of the stations to watch for the time that Snort is logging the port sweep events and then correlating with services running.
cheers
Chris
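
One way to get the time windows for the correlation suggested in the reply above, as an added example that is not part of the original thread: it groups "(portscan) TCP Portsweep" alerts by source station so a capture or a service log can be checked for the same periods. It assumes Snort's "fast" alert layout; the sample lines, addresses and the name `portsweep_windows` are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts in the assumed "fast" layout (not taken from the thread).
SAMPLE_ALERTS = """\
06/06-22:41:02.118204 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 192.0.2.15 -> 192.0.2.40
06/06-22:41:40.902311 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 192.0.2.15 -> 192.0.2.41
06/06-22:52:10.000100 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 192.0.2.15 -> 192.0.2.77
06/06-22:45:13.450000 [**] [1:1000001:1] LOCAL constructed test rule [**] [Priority: 2] {TCP} 192.0.2.99:4312 -> 192.0.2.40:80
06/06-22:53:47.700000 [**] [122:3:0] (portscan) TCP Portsweep [**] [Priority: 3] {PROTO:255} 192.0.2.23 -> 192.0.2.40
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[[\d:]+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)"
)
PORTSWEEP_MSG = "(portscan) TCP Portsweep"  # alert text quoted in the thread


def portsweep_windows(text, year, gap=timedelta(minutes=5), pad=timedelta(seconds=30)):
    """Return {source: [(start, end, [targets])]} for portsweep alerts.

    Fast alerts carry no year, so the caller supplies it. Alerts from one
    source closer together than `gap` are merged; `pad` widens each window.
    """
    hits = defaultdict(list)
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m or PORTSWEEP_MSG not in m["msg"]:
            continue  # unparsable line or a different alert
        when = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
        hits[m["src"]].append((when, m["dst"]))
    windows = {}
    for src, events in hits.items():
        events.sort()
        merged = []
        for when, dst in events:
            if merged and when - merged[-1][1] <= gap:
                merged[-1][1] = when      # extend the current window
                merged[-1][2].add(dst)
            else:
                merged.append([when, when, {dst}])
        windows[src] = [(s - pad, e + pad, sorted(d)) for s, e, d in merged]
    return windows


if __name__ == "__main__":
    for src, spans in portsweep_windows(SAMPLE_ALERTS, 2005).items():
        for start, end, targets in spans:
            print(src, start.time(), "to", end.time(), "targets:", ", ".join(targets))
```

The sensor and the station being watched need synchronized clocks for the windows to line up with the capture.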