[Linux-sunucu] Snort

---------


From: Fatih Avcu (fatih@inonu.edu.tr)
Date: Sat 26 Nov 2005 - 11:53:02 EET


We set up a small server (Debian) and I host 2 domains on it. One site with 20000
members sends out 4 GB of data a day. While wondering whether that is normal, I installed
Snort, and it produces reports like the ones below. What precautions can I take?

[**] [122:3:0] (portscan) TCP Portsweep [**]
11/25-23:07:02.160696 193.140.142.65 -> 85.102.126.157
PROTO255 TTL:0 TOS:0x0 ID:8668 IpLen:20 DgmLen:167 DF

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:08:05.158544 81.215.155.203:2806 -> 193.140.142.65:80
TCP TTL:121 TOS:0x0 ID:63769 IpLen:20 DgmLen:510 DF
***AP*** Seq: 0xFD8657BD Ack: 0x31A7BC6C Win: 0xFC62 TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:08:28.400306 81.215.155.203:2805 -> 193.140.142.65:80
TCP TTL:121 TOS:0x0 ID:64012 IpLen:20 DgmLen:510 DF
***AP*** Seq: 0xF0CAADB7 Ack: 0x3130EEA0 Win: 0xFD17 TcpLen: 20

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
11/25-23:08:33.208200 85.106.211.128:1762 -> 193.140.142.65:80
TCP TTL:120 TOS:0x0 ID:24602 IpLen:20 DgmLen:1472 DF
***A**** Seq: 0x294FF03 Ack: 0x339A1E5C Win: 0xFFFF TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:09:35.172208 81.215.65.7:1462 -> 193.140.142.65:80
TCP TTL:121 TOS:0x0 ID:19630 IpLen:20 DgmLen:339 DF
***AP*** Seq: 0x3C00F228 Ack: 0x374BB531 Win: 0xFFFF TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:09:35.238471 85.107.28.15:1548 -> 193.140.142.65:80
TCP TTL:122 TOS:0x0 ID:32895 IpLen:20 DgmLen:469 DF
***AP*** Seq: 0xCE40CBFC Ack: 0x3795AE30 Win: 0x4185 TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:09:50.849194 85.106.211.128:1764 -> 193.140.142.65:80
TCP TTL:120 TOS:0x0 ID:24631 IpLen:20 DgmLen:413 DF
***AP*** Seq: 0xB30FA1DF Ack: 0x38D5CF93 Win: 0xFFFF TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:10:12.654504 85.107.28.15:1550 -> 193.140.142.65:80
TCP TTL:122 TOS:0x0 ID:32966 IpLen:20 DgmLen:468 DF
***AP*** Seq: 0x6B1C6420 Ack: 0x3AC6BBED Win: 0x4470 TcpLen: 20

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:11:13.516601 85.106.138.165:1402 -> 193.140.142.65:80
TCP TTL:120 TOS:0x0 ID:11628 IpLen:20 DgmLen:355 DF
***AP*** Seq: 0xDD97C638 Ack: 0x3DFE6D8E Win: 0xFCF8 TcpLen: 20

_______________________________________________
Linux-sunucu mailing list
Linux-sunucu@liste.linux.org.tr
http://liste.linux.org.tr/mailman/listinfo/linux-sunucu
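
A first triage step for alerts in the layout shown in the post, as an added example that is not part of the original message: group them by generator:signature ID and by source address to see which signatures dominate and whether a few sources account for them. The sample alerts are constructed and use documentation addresses; the function names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the post's alerts (documentation addresses).
SAMPLE = """\
[**] [122:3:0] (portscan) TCP Portsweep [**]
11/25-23:07:02.160696 192.0.2.10 -> 198.51.100.7
PROTO255 TTL:0 TOS:0x0 ID:8668 IpLen:20 DgmLen:167 DF

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:08:05.158544 198.51.100.20:2806 -> 192.0.2.10:80
TCP TTL:121 TOS:0x0 ID:63769 IpLen:20 DgmLen:510 DF

[**] [119:7:1] (http_inspect) IIS UNICODE CODEPOINT ENCODING [**]
11/25-23:08:28.400306 198.51.100.20:2805 -> 192.0.2.10:80
TCP TTL:121 TOS:0x0 ID:64012 IpLen:20 DgmLen:510 DF

[**] [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY [**]
11/25-23:08:33.208200 198.51.100.33:1762 -> 192.0.2.10:80
TCP TTL:120 TOS:0x0 ID:24602 IpLen:20 DgmLen:1472 DF
"""

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
FLOW = re.compile(r"^\S+ ([\d.]+)(?::(\d+))? -> ([\d.]+)(?::(\d+))?$")

def parse_alerts(text):
    """Yield one dict per alert block; blocks that do not match the layout are skipped."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        head = HEADER.match(lines[0]) if lines else None
        flow = FLOW.match(lines[1]) if len(lines) > 1 else None
        if not (head and flow):
            continue
        gid, sid, rev = map(int, head.group(1, 2, 3))
        yield {"gid": gid, "sid": sid, "rev": rev, "msg": head.group(4), "src": flow.group(1),
               "dst": flow.group(3), "dport": int(flow.group(4)) if flow.group(4) else None}

def summarize(text):
    """Count alerts per signature, and per source address within each signature."""
    per_sig, sources = Counter(), defaultdict(Counter)
    for a in parse_alerts(text):
        key = (a["gid"], a["sid"], a["msg"])
        per_sig[key] += 1
        sources[key][a["src"]] += 1
    return per_sig, sources

if __name__ == "__main__":
    for (gid, sid, msg), n in summarize(SAMPLE)[0].most_common():
        print(f"{n:4d}  [{gid}:{sid}] {msg}")
```
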



---------

This archive was generated by hypermail 2.1.2.