RE: Win32 Snort Question

2001-12-17 Thread Dustin Puryear
I've done incident response on IIS web servers and when I've asked some admins for the web server logs, I've received a zipped archive containing three .evt files. So perhaps it's not so much the product as it is those responsible for managing it. After all, if someone misuses a gun and

Re: Win32 Snort Question

2001-12-14 Thread H Carvey
In-Reply-To: [EMAIL PROTECTED] Also, you can run Apache instead of IIS as an added measure of security as IIS has proven to be a bit of an injection vector for all manner of sicknesses... I'm not about to dictate to anyone what web server they should run, but if they've already

RE: Win32 Snort Question

2001-12-13 Thread Maxime Rapaille
: mardi 11 décembre 2001 11:34 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Win32 Snort Question Thanks for your help. However since my original posting, I have discovered that W2k (perhaps NT as well - yet to test) can be run without an IP address. The IP appears in the registry in twice

RE: Win32 Snort Question

2001-12-12 Thread Justin Carver
See inline comments. -Original Message- From: Stuart Underhill [mailto:[EMAIL PROTECTED]] Sent: Tuesday, December 11, 2001 2:34 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Win32 Snort Question Thanks for your help. SNIP IP-less info for Win2k/NT /SNIP I have tried

RE: Win32 Snort Question

2001-12-12 Thread Don Weber
This was an explanation I sent someone in an email a while back; they never called me saying it didn't work, so hopefully that is good news. So I was kind of explaining step by step sorta one-way receive only Ethernet cable, this is a good way to make a cable, the reason the pins 1/2 from hub

RE: Win32 Snort Question

2001-12-11 Thread Joe-Clifton
Message- From: Johnson, David [mailto:[EMAIL PROTECTED]] Sent: Monday, December 10, 2001 12:46 PM To: 'Stuart Underhill'; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Win32 Snort Question You can't run an interface in Windows without an IP address. What I did on mine

RE: Win32 Snort Question

2001-12-10 Thread Johnson, David
have not had any attempts on my machine since I blocked incoming traffic at the firewall. -Original Message- From: Stuart Underhill [mailto:[EMAIL PROTECTED]] Sent: Friday, December 07, 2001 1:27 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Win32 Snort Question I am currently

Win32 Snort Question

2001-12-09 Thread Stuart Underhill
I am currently building a pair of Win32 Snort (with ACID) machines to monitor traffic either side of our firewall. My plan is to make the boxes as standalone as possible which will mean running IIS on the boxes to allow the ACID analysis tool to run. Other than standard hardening of W2k, can