[8.161][BUG][FIXED] ips

Hi All

I am getting the message below and not sure what it is to be honest

2011:03:16-08:15:09 *** snort[7399]: S5: Session exceeded configured max bytes to queue 1048576 using 1048632 bytes (server queue). 86.141.69.209 52244 --> 46.137.1.141 5205 : LWstate 0x9 LWFlags 0x6007

Also I got few port scan which were not reported (i wasn't sure if this was reported-apologies for that!)

2011:03:18-00:32:27 **** ulogd[5225]: id="2102" severity="info" sys="SecureNet" sub="ips" name="portscan detected" action="portscan" fwrule="60017" initf="ppp0" srcip="58.218.199.147" dstip="81.153.173.93" proto="6" length="40" tos="0x00" prec="0x00" ttl="110" srcport="12200" dstport="80" tcpflags="SYN"

Thanks

Parents

0 wingman over 14 years ago

Hi Kai

I've also run " security space no risk report " and "Single Test 11834: Source routed packets" from security space website and so far no email alert has been generated.

I can see the logs on the ips(live log) , I can see the specified ip in the "Top dropped source hosts" but no aler was generated. I have the relevant notifications turned on
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 wingman over 14 years ago

Hi Kai

I've also run " security space no risk report " and "Single Test 11834: Source routed packets" from security space website and so far no email alert has been generated.

I can see the logs on the ips(live log) , I can see the specified ip in the "Top dropped source hosts" but no aler was generated. I have the relevant notifications turned on
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data