I am kind of confused. I just rebuilt my mandrake security firewall. Snort didn't install correctly. It did on the second attempt. Now the system has been up for 4 hours approximately and it looks like perhaps I'm already in trouble!?!?!?! /snort/portscan.log:Nov 30 17:15:03 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP /snort/portscan.log:Nov 30 17:15:03 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP /snort/portscan.log:Nov 30 17:15:11 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP
The first IP address is me! According to snort, I'm attacking this other address? This makes no sense to me. how could my box be compromised in less than 12 hours flat if it is set to high security? Incidentally that second IP is the one that has been attacking me, so my guess is I'm mis reading this. ?? Help!
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
