Shri Shrikumar said:
> Hello,
>
> I have been running a server for a few months now for a hobby site and had
> installed snort. I have reports of a whole range of attacks on the server
> IP including

In default configuration snort will detect about 97-99% false positives as far as "intrusion" goes. At my last employer, without configuration on 2 T1s with ~5% utilization on each, I got upwards of 40,000 events per hour. It took about 75 hours of log analysis and tuning to get that number down to a more manageable level of ~20 events/hour.

So in most cases you're fine. All of the attacks you list look pretty harmless to me.

I recommend DEMARC PureSecure as a front end to snort (www.demarc.com). It is not free for commercial use, but is for personal use. It's a real powerful console for snort. I've been using it for over a year and a half; there are screenshots of it on demarc.com. It also acts as a system file integrity checker as well as a network service monitor. Real nice program. I run it on FreeBSD mainly.

nate