Re: [Linux-ag] Snort

---------


From: Umut D. (linuxlist@gmail.com)
Date: Sat 26 Nov 2005 - 19:54:18 EET


You don't have the luxury of excluding traffic you don't like from your
total traffic usage :)
But if these requests keep coming from the same IP address, you could
perhaps temporarily ban those IP addresses, again thanks to
snort+iptables. For virus-originated attacks it will be a temporary solution;
for human-originated attacks it will be a permanent solution that ends with them giving up :)

Fatih Avcu wrote:

>We set up a small server (Debian) and I'm hosting 2 domains on it. A site with 20000 members
>is pushing 4GB of data per day. While wondering whether that was normal, I installed snort, and it
>gives the following reports; how can I take precautions?
>
>[**] [122:3:0] (portscan) TCP Portsweep [**]
>11/25-23:07:02.160696 193.140.142.65 -> 85.102.126.157
>PROTO255 TTL:0 TOS:0x0 ID:8668 IpLen:20 DgmLen:167 DF
>
>[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
>11/25-23:08:05.158544 81.215.155.203:2806 -> 193.140.142.65:80
>TCP TTL:121 TOS:0x0 ID:63769 IpLen:20 DgmLen:510 DF
>***AP*** Seq: 0xFD8657BD Ack: 0x31A7BC6C Win: 0xFC62 TcpLen: 20
>
>[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
>11/25-23:08:28.400306 81.215.155.203:2805 -> 193.140.142.65:80
>TCP TTL:121 TOS:0x0 ID:64012 IpLen:20 DgmLen:510 DF
>***AP*** Seq: 0xF0CAADB7 Ack: 0x3130EEA0 Win: 0xFD17 TcpLen: 20
>
>[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
>11/25-23:08:33.208200 85.106.211.128:1762 -> 193.140.142.65:80
>TCP TTL:120 TOS:0x0 ID:24602 IpLen:20 DgmLen:1472 DF
>***A**** Seq: 0x294FF03 Ack: 0x339A1E5C Win: 0xFFFF TcpLen: 20
>
>[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
>11/25-23:09:35.172208 81.215.65.7:1462 -> 193.140.142.65:80
>TCP TTL:121 TOS:0x0 ID:19630 IpLen:20 DgmLen:339 DF
>***AP*** Seq: 0x3C00F228 Ack: 0x374BB531 Win: 0xFFFF TcpLen: 20
>
>[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
>11/25-23:09:35.238471 85.107.28.15:1548 -> 193.140.142.65:80
>TCP TTL:122 TOS:0x0 ID:32895 IpLen:20 DgmLen:469 DF
>***AP*** Seq: 0xCE40CBFC Ack: 0x3795AE30 Win: 0x4185 TcpLen: 20
>
>[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
>11/25-23:09:50.849194 85.106.211.128:1764 -> 193.140.142.65:80
>TCP TTL:120 TOS:0x0 ID:24631 IpLen:20 DgmLen:413 DF
>***AP*** Seq: 0xB30FA1DF Ack: 0x38D5CF93 Win: 0xFFFF TcpLen: 20
>
>[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
>11/25-23:10:12.654504 85.107.28.15:1550 -> 193.140.142.65:80
>TCP TTL:122 TOS:0x0 ID:32966 IpLen:20 DgmLen:468 DF
>***AP*** Seq: 0x6B1C6420 Ack: 0x3AC6BBED Win: 0x4470 TcpLen: 20
>
>[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
>11/25-23:11:13.516601 85.106.138.165:1402 -> 193.140.142.65:80
>TCP TTL:120 TOS:0x0 ID:11628 IpLen:20 DgmLen:355 DF
>***AP*** Seq: 0xDD97C638 Ack: 0x3DFE6D8E Win: 0xFCF8 TcpLen: 20
>
>_______________________________________________
>Linux-ag mailing list
>Linux-ag@liste.linux.org.tr
>http://liste.linux.org.tr/mailman/listinfo/linux-ag
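A concrete version of the snort+iptables approach Umut describes, added here as an example and not code from the thread: it parses Snort full-format alerts like those Fatih posted, counts them per source address, and emits iptables commands that drop a repeat offender and lift the rule again via at(1) after a timeout. The sample alerts, the threshold, the timeout and the allowlist are assumptions.

```python
import re
from collections import Counter
# Constructed sample in Snort "full" alert format (RFC 5737 addresses, not the post's own data).
SAMPLE = """\
[**] [122:3:0] (portscan) TCP Portsweep [**]
11/25-23:07:02.160696 192.0.2.1 -> 198.51.100.200
PROTO255 TTL:0 TOS:0x0 ID:1 IpLen:20 DgmLen:167 DF

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:08:05.158544 198.51.100.7:2806 -> 198.51.100.200:80

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:08:28.400306 198.51.100.7:2805 -> 198.51.100.200:80

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
11/25-23:08:33.208200 203.0.113.9:1762 -> 198.51.100.200:80

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:09:35.172208 198.51.100.7:1462 -> 198.51.100.200:80
"""
# Header: "[**] [gid:sid:rev] MESSAGE [**]"; next line: "timestamp SRC[:port] -> DST[:port]"
HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):\d+\] (.*) \[\*\*\]$")
IP = r"(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?"
FLOW_RE = re.compile(rf"^\S+ {IP} -> {IP}$")

def parse_alerts(text):
    """Yield (gid:sid, message, src_ip, dst_ip) per alert record; all other lines are ignored."""
    lines = [ln.strip() for ln in text.splitlines()]
    for i in range(len(lines) - 1):
        h = HEADER_RE.match(lines[i])
        f = FLOW_RE.match(lines[i + 1]) if h else None
        if h and f:
            yield f"{h.group(1)}:{h.group(2)}", h.group(3), f.group(1), f.group(2)

def count_sources(text, ignore=("122:3",)):
    """Alerts per source IP. Signatures in `ignore` (default: the portsweep event) are not counted."""
    counts = Counter()
    for sig, _msg, src, _dst in parse_alerts(text):
        if sig not in ignore:
            counts[src] += 1
    return counts

def ban_commands(counts, threshold=3, minutes=60, allow=()):
    """DROP each source at/above threshold and lift the rule after `minutes` via an at(1) job."""
    cmds = []
    for ip, n in sorted(counts.items()):
        if n >= threshold and ip not in allow:  # never ban your own or admin addresses
            cmds.append(f"iptables -I INPUT -s {ip} -j DROP")
            cmds.append(f"echo 'iptables -D INPUT -s {ip} -j DROP' | at now + {minutes} minutes")
    return cmds
```

Run it from cron against the alert file with your own addresses in `allow`; the at(1) job keeps the ban temporary so stale rules do not pile up in INPUT.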



---------

This archive was generated by hypermail 2.1.2.