Hello,
I installed Snort. I'm getting logs like these:
% count ip alert
49.27 1017 67.22.xx.xx (portscan) TCP Decoy Portscan
37.21 768 67.22.xx.xx (snort_decoder): Experimental Tcp Options found
5.09 105 67.22.xx.xx ICMP Destination Unreachable Communication Administratively Prohibited
1.60 33 67.22.xx.xx (http_inspect) BARE BYTE UNICODE ENCODING
1.31 27 67.22.xx.xx (http_inspect) IIS UNICODE CODEPOINT ENCODING
1.21 25 67.22.xx.xx (http_inspect) DOUBLE DECODING ATTACK
1.11 23 67.22.xx.xx (http_inspect) OVERSIZE CHUNK ENCODING
0.82 17 67.22.xx.xx (http_inspect) OVERSIZE REQUEST-URI DIRECTORY
0.63 13 67.22.xx.xx (http_inspect) IIS UNICODE CODEPOINT ENCODING
0.15 3 67.22.xx.xx (snort_decoder) WARNING: TCP Data Offset is less than 5!
0.15 3 67.22.xx.xx (http_inspect) IIS UNICODE CODEPOINT ENCODING
0.15 3 67.22.xx.xx (portscan) TCP Portsweep
0.15 3 67.22.xx.xx (snort_decoder) WARNING: TCP Header length exceeds packet length!
0.10 2 207.171.183.113 (http_inspect) OVERSIZE CHUNK ENCODING
0.10 2 209.85.165.191 (http_inspect) OVERSIZE CHUNK ENCODING
0.10 2 67.22.xx.xx (http_inspect) OVERSIZE CHUNK ENCODING
0.10 2 67.22.xx.xx (snort_decoder): Truncated Tcp Options
0.10 2 67.22.xx.xx (http_inspect) OVERSIZE CHUNK ENCODING
0.10 2 67.22.xx.xx (http_inspect) OVERSIZE CHUNK ENCODING
0.10 2 67.22.xx.xx (http_inspect) OVERSIZE REQUEST-URI DIRECTORY
Can anyone tell me what to tackle first, and how?