This is a discussion on [Snort-users] Action while receive alerts within the Snort forums, part of the System Security and Security Related category.
Hi all,

May I know what action you all take when receiving alerts from your Snort server? Did you patch the servers being intruded accordingly?

Let's have a scenario as below.
Example: Someone is trying to intrude into my server through an application vulnerability which I have already patched with the latest patch.
1) Will I still receive a Snort alert?

Thank you.....

Regards,
Eugene
IT Security, OPUS/IT
03 - 27306653 (ext: 653)
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users