[geeks] Argh!

Shawn Wallbridge swallbridge at franticfilms.com
Tue Oct 15 12:33:22 CDT 2002


William S. wrote:

>What is a snort machine? Is it a hardware or software
>solution? (Wondering if this is a term I should know...)
>
>On Tue, Oct 15, 2002 at 11:52:31AM -0500, Shawn Wallbridge wrote:
>  
>
>>A client with my co-locating company didn't patch his SSL. I got an 
>>email this morning saying his machine was trying to break into some 
>>machine in California. Turns out he got infected by the Slapper worm.
>>
>>Me thinks it's time to get a Snort machine up and running.
>>
>>    
>>
>
>  
>
Sorry, Snort is an Intrusion Detection package (www.snort.org). It will 
tell you if a) people are trying to do bad things to your machines b) 
your machines are trying to do bad things to other machines. Either way, 
it would probably have caught this much earlier.

I had planned on using a Sun Ultra1 running OpenBSD to do this, but I am 
going to have to get a machine up tonight and the U1 isn't here yet, so 
I am going to have to use a SS5 for now.

shawn



More information about the geeks mailing list