[Snort-users] os x single user
Is it appropriate, or desirable to run and learn Snort on my setup?
I am using snort (installed w HenWen) on a Macintosh running OS X, a single-user machine and the only machine on my small home network that runs UNIX. The OSX machine has one nic card connected to cable and a second connected to a hub. All other machines are connected to the OS X machine by the hub. The OSX machine acts as a router. The router software is started up on a "need to" basis, which is seldom.

The OS X machine occasionally has Personal Web Sharing enabled, and I have Apache, MySQL and PHP installed for learning and testing purposes. When I do this, port 80 and port 427 are opened. Since installing HenWen and Snort I have not enabled Personal Web Sharing, so any alerts are in an environment where the default OS X firewall is fully enabled.

There are quite a few alerts listed in the logs, mostly ICMP PING Cyberkit 2.2 Windows, which is likely some sort of virus or trojan query, from what I can gather. Today I have noticed quite a few "ATTACK-RESPONSES id check returned root" (port 80), which sounded rather ominous to a beginner. My reading indicates that this could be a result of visiting certain web pages, particularly those dealing with security issues. That would make sense; I have been dithering about trying to find a toehold on understanding this stuff and perhaps one of the sites I visited triggered this alert.

thanks
Donna
dm87