
Snort mailing list archives

Some standards in my alerts
From: Joao Daniel Neves <joaodanielnevesss () hotmail com>
Date: Tue, 2 Apr 2013 21:09:21 +0300

Hi,

I have noticed a 'little standard' in my alerts. For example, my company has more than 1000 IP addresses.
I'm using BASE. When I make a filter to show only unique source IPs for a given alert, I can notice that
a lot of alerts stop scanning my network when they reach about 700 scanned IPs (700 different destination IPs).
(In other words, generally one source IP gives up scanning my network when it has scanned about 700 IPs.)

 For example: 

IP X.Y.Z.K tried 717 IPs of my network. (The rule that triggered it was traceroute.)
IP A.B.C.D tried 699 IPs of my network. (The rule that triggered it was CyberKit Ping.)

And a lot of other examples like this.

I wish to know if some guys around the world have noticed something like this.
 
                                          