Re: snort log has a bunch of different attacks - should I be worried
On Sat, 2003-03-08 at 15:54, nate wrote:
> Shri Shrikumar said:
> > Hello,
> >
> > I have been running a server for a few months now for a hobby site and had
> > installed snort. I have reports of a whole range of attacks on the server
> > IP including
>
> in default configuration snort will detect about 97-99% false positives
> as far as "intrusion" goes. at my last employer, without configuration
> on 2 T1s with ~5% utilization on each I got upwards of 40,000 events per
> hour. It took about 75 hours of log analysis and tuning to get that
> number down to a more manageable level of ~20 events/hour.
>
> so in most cases you're fine. all of the attacks you list look pretty
> harmless to me.

Thanks nate. Is there a site which lists these things in more detail so
I know if the ones that show up are safe or not?
Shri
--
------------------------------------------------------------------------
Shri Shrikumar U R Byte Solutions
I.T. Consultant Edinburgh, Scotland Tel: (0131) 558 9990
Email: shri@urbyte.com Web: www.urbyte.com