[Dshield] For those that want to see what a Snort Sensor can see
areust at comcast.net
Thu Apr 8 02:23:32 GMT 2004
I have been working on upgrading my IDSs to Snort 2.1.1 and previously
posted that I have a mix that works: PHP/MySQL/ACID console. This covers 5
active sensors in DMZs and various test sensors to see what happens when
you have to upgrade Snort or the support files. Any way you look at it,
it is an added pain in the butt...
This is on a Win box (2K Pro) using DHCP on a "public" network (Comcast). I
have not modified the basic rule sets from 3/24/2004, so you will see what
comes out of the box. Yes, it reports differently than previously seen. New
definitions of false positives. Just call it progress...
Yes, IIS is fairly locked down and the box is patched. I do not expect it
to be toppled. I did want people to get a chance to look and see what can
be seen. I do not expect an attack to see if you can topple it. I expect
to see what happens when a box is put in a "public" network. That is why I
opened the invitation to go look. Until you see, you never know.
Typically, I would have the box doing "things" that could stress the CPU,
so if a hundred people hit it, I would expect that it would be sluggish.
This does not mention what "they" feel a "user" network should do
"outbound." If you take time to go look, please Do Not delete any alerts.
I do want to see what is happening.
It is a PIII 550 with 384 MB of RAM. The RAM utilization is at about 75%.
I will take it down Monday 12 April 2004 in the morning.
If you want to look the URL is
Password: L00k at meplz ; Lzerozerok at meplz
This has been running here for about three+ hours, 4:00pm PDT.
Otherwise, Have Fun.
If you have detailed questions, please send off list. Yes, the build document
is being revised; it is a "living" thing with all the updates...
One of the IPs that you will see is 22.214.171.124, which hosts my Dynamic
DNS; yes, it gets attacked as it has IIS and FTP. See previous emails on
home networking. Yes, I have 11 machines behind the firewall. No, I do not
have an MTA running. Linksys support "sucks" so I bought a NetGear that