Snortblock

Postby Stig » Tue Jul 03, 2007 4:48 pm

I min blocketip
1183496462;[Classification
1183496464;[Classification
1183496465;[Classification
1183496469;[Classification
1183496490;[Classification
1183496509;[Classification
1183496515;[Classification
1183496536;[Classification
1183496565;[Classification
1183496580;[Classification
1183496610;[Classification
1183496612;[Classification
1183496612;[Classification
1183496635;[Classification
1183496640;[Classification
1183496660;[Classification
1183496661;[Classification
1183496661;[Classification
1183496667;[Classification
1183496681;[Classification
1183496690;[Classification
1183496691;[Classification
1183496693;[Classification
1183496710;[Classification
1183496711;[Classification
1183496717;[Classification
1183496717;[Classification
1183496730;[Classification


Ock jag tror att det lite fel i snortblocket
              set -- `echo $i | sed s:\[\*\*\]:\ :g`
              set -- `echo $3 | sed s:_:\ :g | sed s/\:/\ /g`


Någon som har någon ide?

I alert är det så här
07/03-21:57:15.215476  [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {ICMP} 87.218.66.67 -> 81.236.154.26
07/03-21:57:15.485476  [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {ICMP} 83.7.164.71 -> 81.236.154.26
07/03-21:57:15.985476  [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {ICMP} 83.59.254.91 -> 81.236.154.26
07/03-21:57:16.005476  [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {ICMP} 85.167.108.138 -> 81.236.154.26
User avatar
Stig
Member
 
Posts: 71
Joined: Thu May 09, 2002 7:02 pm

Return to Svenska - Swedish

Who is online

Users browsing this forum: No registered users and 1 guest

cron