-----Original Message-----
From: Nerijus Krukauskas [mailto:nkrukauskas@gmail.com]
Sent: Friday, January 27, 2006 3:01 AM
To: Snort Users
Cc: Michael Scheidell
Subject: Re: [Snort-users] Anyone have problems with aanval?
On 27/01/06, Michael Scheidell <scheidell@secnap.net> wrote:
We traced a very large data transfer from the host we had running
aanval to 82.165.229.52
Interesting thing about that ip address:
host www.aanval.com
www.aanval.com is a nickname for aanval.com
aanval.com has address 82.165.229.52
aanval.com mail is handled (pri=10) by mail.aanval.com
82.165.229.51 is also known as oad.aanval.com. OAD stands
for 'Offender Analysis Database'. And default install of
aanval console sends lot's of data to that database. In
aanval console go Aanval -> System Options -> Processor
Options -> uncheck the 'Offender Analysis Database' option ->
press 'Update Options' -> see how the traffic to oad.aanval.com stops.
21GB? 7 hours? Do the math, that will saturate two t1's for 7 hours.
And besides, we turned it off in system options the day we installed it.
Did RTFM.
Thanks for playing, next player?
I suggest that you RTFM more prior to installing something. :)
Navigate yourself through
http://www.theadamsfamily.net/> ~erek/snort/drinking_game.txt
and get a headache in the
morning (hint: I think this is answered in documentation, at
least). :)
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
