<br><font size=3>Vytvořeno BASE v1.1.3 (lynn) on Wed, 14 Dec 2005 11:30:39
+0100<br>
<br>
------------------------------------------------------------------------------<br>
#(1 - 362205) [2005-12-14 11:29:35] [snort/27] (portscan) Open Port<br>
IPv4: IP moj webserver -> IP cielova<br>
hlen=5 TOS=0 dlen=36 ID=50438 flags=0
offset=0 TTL=0 chksum=19482<br>
Payload: length = 16<br>
<br>
000 : 4F 70 65 6E 20 50 6F 72 74 3A 20 36 33 34 36 0A Open Port: 6346.</font>
<br>
<br><font size=3>toto je uplny vypis toho alarmu.V podstate mi snort bezi
dobre, akurat nerozumiem tomu preco moj webserver robi portscan na rozne
IP.</font>
<br><font size=3>Preto som sa pytal ci to snort robi nativne alebo naozaj
nieco ine spusta ten sken.</font>
<br>
<br><font size=3>miso</font>
<br>
<br>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td>
<td><font size=1 face="sans-serif"><b>Lubomir Host <rajo@platon.sk></b></font>
<br><font size=1 face="sans-serif">Sent by: linux-bounces@lists.linux.sk</font>
<p><font size=1 face="sans-serif">14.12.2005 11:28</font>
<br><font size=1 face="sans-serif">Please respond to Vseobecna diskusia
o Linuxe</font>
<td><font size=1 face="Arial"> </font>
<br><font size=1 face="sans-serif"> To:
Vseobecna diskusia o Linuxe <linux@lists.linux.sk></font>
<br><font size=1 face="sans-serif"> cc:
</font>
<br><font size=1 face="sans-serif"> Subject:
Re: [linux] snort+base</font></table>
<br>
<br>
<br><font size=2><tt>On Wed, Dec 14, 2005 at 11:19:56AM +0100, michal.lackovic@sk.schneider-electric.com
wrote:<br>
> Zdravim,<br>
><br>
> na svojom webservery pouzivam snort+base na analyzu utokov.<br>
> Problem je v tom, ze najcastejsi zdroj skenovania portov je vlastne
moj<br>
> webserver.<br>
> Je to nejaka vlastnost snortu?<br>
> Ak ano da sa nejako vypnut?<br>
</tt></font>
<br><font size=2><tt>Snort ma nadefinovanych strasne vela pravidiel. A
pravdepodobne ti to<br>
sposobuje nejake zle napisane pravidlo. Skus podla nejakych klucovych<br>
slov najst, ktore pravidlo to je a porozmyslaj nad jeho vypnutim.<br>
</tt></font>
<br><font size=2><tt>Ale konkretna hlaska zo snortu, ktora ti vadi, by
nam povedala viac.<br>
</tt></font>
<br><font size=2><tt>rajo<br>
</tt></font>
<br><font size=2><tt>--<br>
Lubomir Host 'rajo' <rajo AT platon.sk> ICQ #: 257322664
,''`.<br>
Platon Group
http://platon.sk/ : :' :<br>
Homepage: http://rajo.platon.sk/
`. `'<br>
http://www.gnu.org/philosophy/no-word-attachments.html
`-</tt></font>
<br>
<br><font size=2><tt>_______________________________________________<br>
https://lists.linux.sk/mailman/listinfo/linux</tt></font>
<br><font size=2><tt>Prehladavanie archivu: http://search.lists.linux.sk</tt></font>
<br><font size=2><tt>Meta FAQ: http://www.sklug.sk/lists/linux/metafaq.html</tt></font>
<br>