
Re: snort log has a bunch of different attacks - should I be worried



On Sat, 2003-03-08 at 15:54, nate wrote:
> Shri Shrikumar said:
> > Hello,
> >
> > I have been running a server for a few months now for a hobby site and had
> > installed snort. I have reports of a whole range of attacks on the server
> > IP including
> 
> in default configuration snort will detect about 97-99% false positives
> as far as "intrusion" goes. at my last employer, without configuration
> on 2 T1s with ~5% utilization on each I got upwards of 40,000 events per
> hour. It took about 75 hours of log analysis and tuning to get that
> number down to a more manageable level of ~20 events/hour.
> 
> so in most cases you're fine. all of the attacks you list look pretty
> harmless to me.

Thanks nate. Is there a site which lists these things in more detail so
I know if the ones that show up are safe or not?

Shri

-- 
------------------------------------------------------------------------
Shri Shrikumar             U R Byte Solutions
I.T. Consultant            Edinburgh, Scotland     Tel: (0131) 558 9990	
Email: shri@urbyte.com                             Web: www.urbyte.com


