From: Nick Rogness
Date: Thu, 8 Mar 2001 14:40:30 -0600 (CST)
To: Peter Brezny
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: New to Snort.

On Thu, 8 Mar 2001, Peter Brezny wrote:

> I'm new to using snort, and would like to know if this is the appropriate
> place to ask questions about the alert logs it generates.

Send questions to snort-users@lists.sourceforge.net (mailing list).

>
> For example, what does all this mean?
>
> [**] MISC source port 53 to <1023 [**]
> 03/08-05:16:23.823888 193.75.177.1:53 -> 209.16.228.148:53
> UDP TTL:42 TOS:0x0 ID:54352 IpLen:20 DgmLen:61
> Len: 41

That is a packet from your network to another machine. It just happens to
be a DNS packet (UDP) and the other numbers are just the packet header
info.

>
> Am I in big trouble?

No. You can check out http://www.snort.org for more info.

Nick Rogness
- Keep on routing in a Free World...
  "FreeBSD: The Power to Serve!"
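Added example (not part of the original message and not Snort project code): a small Python parser that splits the alert block quoted above into its header fields so the "other numbers" can be read by name. The names parse_alerts and triage, the regular expression, and the two triage heuristics are assumptions of this example.

```python
import re

# Alert text copied from the message above (a UDP alert block).
SAMPLE = """\
[**] MISC source port 53 to <1023 [**]
03/08-05:16:23.823888 193.75.177.1:53 -> 209.16.228.148:53
UDP TTL:42 TOS:0x0 ID:54352 IpLen:20 DgmLen:61
Len: 41
"""

ALERT_RE = re.compile(
    r"\[\*\*\]\s*(?P<msg>.+?)\s*\[\*\*\]\s*\n"
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s*\n"
    r"(?P<proto>\w+)\s+TTL:(?P<ttl>\d+)\s+TOS:(?P<tos>0x[0-9A-Fa-f]+)\s+"
    r"ID:(?P<ip_id>\d+)\s+IpLen:(?P<iplen>\d+)\s+DgmLen:(?P<dgmlen>\d+)\s*\n"
    r"Len:\s*(?P<len>\d+)"
)
INT_FIELDS = ("sport", "dport", "ttl", "ip_id", "iplen", "dgmlen", "len")


def parse_alerts(text):
    """Return one dict per UDP alert block; tolerates '> ' mail quoting."""
    text = re.sub(r"^>[ \t]?", "", text, flags=re.M)
    alerts = []
    for m in ALERT_RE.finditer(text):
        a = m.groupdict()
        for key in INT_FIELDS:
            a[key] = int(a[key])
        a["tos"] = int(a["tos"], 16)
        alerts.append(a)
    return alerts


def triage(a):
    """Heuristic notes for one parsed alert (assumptions of this example)."""
    notes = []
    if a["proto"] == "UDP" and a["sport"] == 53 and a["dport"] == 53:
        notes.append("dns-to-dns")  # both endpoints use the DNS port
    if a["dgmlen"] == a["iplen"] + a["len"]:
        notes.append("lengths-consistent")  # holds for the sample: 61 == 20 + 41
    return notes


if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE):
        print(alert["ts"], alert["src"], "->", alert["dst"], triage(alert))
```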