1 |
On Sunday 06 November 2005 10:03 am, aa6qn@×××××××××××.net wrote: |
2 |
> I could use some help here. I have emerged Snort on my system here (along |
3 |
> with SnortSnarf) and have been watching the alerts. What is causing my |
4 |
> concern it that my server is being reported as a source for serveral web |
5 |
> based attack signatures to a host of unknown destinations. I have spent |
6 |
> some time cleaning and rebuilding the server with no luck until I turned |
7 |
> off Squid. |
8 |
|
9 |
Could you please paste in copies of the warnings/alerts;log entries you are |
10 |
seeing? |
11 |
|
12 |
Also, have you done a packet capture manually on that port to see what is |
13 |
going on? |
14 |
|
15 |
It is about equally likely that snort is giving you a false positive as it is |
16 |
that anything is wrong with squid... |
17 |
|
18 |
Regards, |
19 |
|
20 |
- Brian |
21 |
-- |
22 |
gentoo-security@g.o mailing list |