Snort mailing list archives
Only thing logged is IMAP requests
From: Phil <foo_bar_00 () yahoo com>
Date: Tue, 31 Jul 2001 23:31:44 -0700 (PDT)
Hey all,

I've included all the necessary version information below, but I'm going to start with my question. The only log file that I'm seeing is for my own external IP address, and it's for IMAP requests.... I have TONS of logs for IMAP requests and they all look like this:

[**] spp_stream4: EVASIVE RST detection [**]
07/31-20:10:10.494273 my.external.ip.addr:34129 -> my.imap.server.outside:143
TCP TTL:254 TOS:0x0 ID:26746 IpLen:20 DgmLen:54 DF
*****R** Seq: 0xE955B9AE Ack: 0x0 Win: 0x8000 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

The setup is this:

4 machines inside a NAT'd LAN.
Snort running on the external interface of the NAT/firewall box.
ADSL connection with dynamic IP (virtual interface ppp0)
Solaris 8 x86 4/01
Snort 1.8p1

variables from snort.conf:
var HOME_NET $ppp0_ADDRESS
var EXTERNAL_NET !$HOME_NET

Command used to start snort:
/usr/local/bin/snort -A fast -s -i ppp0 -l /var/log/snortlogs -c /etc/snort/snort.conf -D

Phil