[plug] Smoothwall IDS/snort question
Michael Hunt
michael.j.hunt at usa.net
Mon Dec 24 23:15:58 WST 2001
Hi ya Pluggers,
Anyone care to interpret the IDS logs from Smoothwall? For a period of about
2 seconds I got the following about 4 times.
SmoothWall IDS snort log
Date: 24 December
Date: 12/24 02:25:42
Name: Virus - Possible scr Worm
Priority: n/a
Type: n/a
IP Info: 165.212.8.34:110 -> 203.34.16.182:61111
Refs:
The first IP address happens to be a POP server that I have an account with
(not under my direct admin). The second address is my dynamic IP that I had
at the time of the connection. It seems to me for some strange reason that
the POP server initiated a connection to my firewall and for some reason
Smoothwall's IDS (snort I believe) has logged it as an Intrusion.
Can anyone cast any light on this ???
Michael Hunt
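
An added example, not part of the original post: a parser for the Smoothwall IDS entry format quoted above that reports which end of the alerted packet sits on a well-known service port. The port table, function names and the duplicated sample are assumptions made for illustration.

```python
import re

# Assumed table of common service ports (not from the post).
SERVICE_PORTS = {25: "smtp", 80: "http", 110: "pop3", 143: "imap"}
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
FLOW_RE = re.compile(IP + r":(\d+)\s*->\s*" + IP + r":(\d+)")

# Constructed sample: the entry quoted in the post, repeated to mimic the burst.
ENTRY = """Date: 12/24 02:25:42
Name: Virus - Possible scr Worm
Priority: n/a
Type: n/a
IP Info: 165.212.8.34:110 -> 203.34.16.182:61111
Refs:
"""
SAMPLE = "SmoothWall IDS snort log\nDate: 24 December\n" + ENTRY * 2

def parse_entries(text):
    """Split a Smoothwall IDS log dump into one dict per alert entry."""
    entries, cur = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # banner lines carry no "key: value" pair
        key, value = key.strip(), value.strip()
        # A timestamped Date line (MM/DD HH:MM:SS) opens a new alert;
        # the day banner ("Date: 24 December") does not.
        if key == "Date" and re.fullmatch(r"\d\d/\d\d \d\d:\d\d:\d\d", value):
            cur = {"Date": value}
            entries.append(cur)
        elif cur is not None:
            cur[key] = value
    return entries

def classify_flow(entry):
    """Heuristic only: the arrow in an alert is the direction of the matched
    packet, so a service port on the source side points to reply traffic."""
    m = FLOW_RE.search(entry.get("IP Info", ""))
    if not m:
        return None
    src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
    if sport in SERVICE_PORTS and dport >= 1024:
        role = "reply from %s server to client" % SERVICE_PORTS[sport]
    elif dport in SERVICE_PORTS and sport >= 1024:
        role = "request from client to %s server" % SERVICE_PORTS[dport]
    else:
        role = "undetermined"
    return {"src": src, "sport": sport, "dst": dst, "dport": dport, "role": role}

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e["Date"], e["Name"], classify_flow(e)["role"])
```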