Re: [Snort-users] CyberKit 2.2 Ping, its driven me Nuts..
I have found this rule to be extremely valuable in terms of finding infected hosts. Yes, it is difficult to track down all of the CyberKit alerts, but the trade-off is much worse; an infected network. Our network performance was severely affected when the Nachi/Welchia worm was released. The CyberKit rule (in addition to firewall logs) helped us identify the infected machines so that they could be removed from the network and cleaned. I don't really want hundreds of thousands of pings traversing our network looking for machines to compromise.

regards,

Lindsay Hunt
Network Engineer
Alstom Power
phone 804-763-7239
mobile 804-334-1682
fax 804-763-7107

Roberto Suarez Soto <robe@alfa21.com>
Sent by: snort-users-admin@lists.sourceforge.net
12/29/2003 11:13 AM
To: snort-users@lists.sourceforge.net
cc:
Subject: Re: [Snort-users] CyberKit 2.2 Ping, its driven me Nuts..

On Dec/29, Chris N wrote:

> Ok, I have had enough of this "CyberKit 2.2 Ping." How are some of you guys
> dealing with it? Do you just ignore(pass), log every one, or go and try to
> shut the offending hosts down? Although, trying to shut down all the
> offending hosts could be a daunting task, since there are so damn many.

I just switched that rule off. I couldn't bear it anymore O:-)

--
Roberto Suarez Soto
Alfa21 Outsourcing
robe@alfa21.com
http://www.alfa21.com

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users
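An added example, not part of the original thread: one way to make the CyberKit alert volume workable is to rank sources by how many distinct hosts they pinged, since a sweeping host stands out from a machine that pings one address repeatedly. It assumes Snort's "fast" alert line format; the sample lines, the function name `rank_sources` and the `min_targets` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches a Snort "fast" alert line for ICMP: message, source IP, destination IP.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{ICMP\}\s+(?P<src>\d+(?:\.\d+){3})\s+->\s+(?P<dst>\d+(?:\.\d+){3})"
)

# Constructed sample alerts (addresses and timestamps are made up).
SAMPLE_ALERTS = """\
12/29-11:02:01.100000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.4.23 -> 10.1.9.1
12/29-11:02:01.200000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.4.23 -> 10.1.9.2
12/29-11:02:01.300000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.4.23 -> 10.1.9.3
12/29-11:02:01.400000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.4.23 -> 10.1.9.4
12/29-11:02:05.000000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.4.23 -> 10.1.9.1
12/29-11:03:10.000000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.7.8 -> 10.1.1.1
12/29-11:03:11.000000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.1.7.8 -> 10.1.1.1
12/29-11:04:00.000000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.50 -> 10.1.2.10
12/29-11:04:00.100000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.50 -> 10.1.2.11
12/29-11:04:00.200000  [**] [1:483:2] ICMP PING CyberKit 2.2 Windows [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.50 -> 10.1.2.12
12/29-11:05:00.000000  [**] [1:469:3] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 10.1.4.23 -> 10.1.9.77
"""


def rank_sources(lines, min_targets=3):
    """Return [(src, distinct_targets, alert_count)] for CyberKit alerts,
    keeping sources that pinged at least min_targets distinct hosts,
    widest sweep first."""
    targets = defaultdict(set)
    counts = defaultdict(int)
    for line in lines:
        m = ALERT_RE.search(line)
        if not m or "CyberKit 2.2" not in m["msg"]:
            continue  # other rules and unparseable lines are ignored
        targets[m["src"]].add(m["dst"])
        counts[m["src"]] += 1
    ranked = [(s, len(d), counts[s]) for s, d in targets.items()
              if len(d) >= min_targets]
    return sorted(ranked, key=lambda r: (-r[1], -r[2], r[0]))


if __name__ == "__main__":
    for src, n_dst, n_alerts in rank_sources(SAMPLE_ALERTS.splitlines()):
        print(f"{src}: {n_dst} distinct targets, {n_alerts} alerts")
```

Sources that clear the threshold are the ones to cross-check against firewall logs before pulling a machine off the network.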