On Sat, 2002-11-30 at 19:26, Lorne wrote: > I am kind of confused. I just rebuilt my mandrake security firewall. Snort > didn't install correctly. It did on the second attempt. Now the system has > been up for 4 hours approximately and it looks like perhaps I'm already in > trouble!?!?!?! > /snort/portscan.log:Nov 30 17:15:03 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP > /snort/portscan.log:Nov 30 17:15:03 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP > /snort/portscan.log:Nov 30 17:15:11 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP > > The first IP address is me! According to snort, I'm attacking this other > address? This makes no sense to me. how could my box be compromised in less > than 12 hours flat if it is set to high security? Incidentally that second IP > is the one that has been attacking me, so my guess is I'm mis reading this. > ?? Help! > >
UDP 53 is DNS lookup -- re-read the Snort INSTALL documentation, you don't have the networks area set up properly. > ---- > > Want to buy your Pack or Services from MandrakeSoft? > Go to http://www.mandrakestore.com -- Jack Coates Monkeynoodle: A Scientific Venture...
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
