Snort mailing list archives
Re: CyberKit 2.2 Ping, its driven me Nuts..
From: alexanderhampel () netscape net (Alexander Hampel)
Date: Mon, 29 Dec 2003 14:55:47 -0500
I use a custom cron script, that checks every minute for CyberKit 2.2 alerts originating from within our Class B network. It gets the MAC address of the offending PC through 'nbtscan', and sends popup warning messages to the offender via 'smbclient -M'. It further logs the offending PC's NetBIOS name, IP, MAC, and sends out a text page via 'mailto', so the antivirus team can take care of the infected PC. External Cyberkit 2.2 alerts are being ignored. Incoming ports 135 and tftp are of course blocked at the firewall to prevent infection from the outside. Alexander Erwin Van de Velde <erwin.vandevelde () ua ac be> wrote:
Hi, Commenting it out will make you bind for internal infections!!! I don't think it is good to comment it out, just adapt it if you really want to get rid of the alerts. Otherwise: filtering afterwards on alerts itself. This way you will keep statistical information on virus activity, which can be nice to show your boss :-) It's also a good thing to keep an eye on general internet activity and commenting all those nasty alerts out isn't the way to do that. Greetings, Erwin Van de Velde Student of Antwerp University Belgium On Monday 29 December 2003 17:51, Bryan Irvine wrote:I commented that rule out. On Mon, 2003-12-29 at 10:51, Chris N wrote:Fellow Snorters, Ok, I have had enough of this "CyberKit 2.2 Ping." How are some of you guys dealing with it? Do you just ignore(pass), log every one, or go and try to shut the offending hosts down? Although, trying to shutdown all the offending host could be a daunting task, since there are so dam many. Chris ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
__________________________________________________________________ New! Unlimited Access from the Netscape Internet Service. Beta test the new Netscape Internet Service for only $1.00 per month until 3/1/04. Sign up today at http://isp.netscape.com/register Act now to get a personalized email address! Netscape. Just the Net You Need. ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: CyberKit 2.2 Ping, its driven me Nuts.., (continued)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Erwin Van de Velde (Dec 29)
- RE: CyberKit 2.2 Ping, its driven me Nuts.. Michael Steele (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Bryan Irvine (Dec 29)
- SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Chris N (Dec 31)
- Re: SUMMARY, CyberKit 2.2 Ping, its driven me Nuts.. Jeff Kell (Dec 31)
- RE: CyberKit 2.2 Ping, its driven me Nuts.. CMartin (Dec 29)
- RE: CyberKit 2.2 Ping, its driven me Nuts.. Bryan Irvine (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. dlbox (Dec 29)
- RE: CyberKit 2.2 Ping, its driven me Nuts.. Thompson, Jimi (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Matthew L. McCarty (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. Alexander Hampel (Dec 29)
- RE: CyberKit 2.2 Ping, its driven me Nuts.. CGhercoias (Dec 29)
- Re: CyberKit 2.2 Ping, its driven me Nuts.. lindsay . hunt (Dec 30)