Pantek Library

RE: [Snort-users] Unable to receive alerts

From: Sadanapalli, Pradeep Kumar (MED, TCS) <Pradeep.Sadanapalli(at)med.ge.com>
Date: Fri Feb 28 2003 - 15:34:58 EST


Thanks Joe.
But still, when I am running the snortd script,
my network interface remains in promiscuous mode and I am losing network connection.

Why is my network connection getting disabled when I run the snortd script?
Am I doing something wrong?

Thanks in advance for all your help
Pradeep

-----Original Message-----
From: Joe Giles [mailto:jgiles@joeman1.com]
Sent: Friday, February 28, 2003 2:16 PM
To: Sadanapalli, Pradeep Kumar (MED, TCS)
Cc: 'snort-users@lists.sourceforge.net'
Subject: Re: [Snort-users] Unable to receive alerts

Well, I'm certainly not an expert on SNORT, although I use it on my network. One thing I noticed about your config file was that you are not defining any report output to anything. All the output options are commented out with the #.

Verify this and if need be fix it.

Or, recommend a good optometrist to me :-D

Joe


On Fri, 2003-02-28 at 12:43, Sadanapalli, Pradeep Kumar (MED, TCS) wrote:
> Hi Friends,
other
> computer in the network.
tool
> \
> # that currently detects more than 1100 host and network \
")"
> echo
also
> detect
unfinished
>
> # fragment will be kept around waiting for
>

#----------------------------------------------------------------------

> # Use in concert with the -z [all|est] command line switch to defeat
> # stick/snot against TCP rules. Also performs full TCP stream
> # reassembly, stateful inspection of TCP streams, etc. Can statefully
> # detect various portscan types, fingerprinting, ECN, etc.
>
> # stateful inspection directive
be
> very
> # noisy because there are a lot of crappy ip
patterns
> #
> # keepstats [machine|binary] - keep session statistics, add "machine" to
> # get them in a flat format for machine reading, add
> # "binary" to get them in a unified binary
connection
> only
> # serveronly - reassemble traffic for the server side of a connection only
> # both - reassemble both sides of a session
> # noalerts - turn off alerts from the stream reassembly stage of stream4
> # ports [list] - use the space separated list of ports in [list], "all"
> # will turn on reassembly for all ports, "default" will turn
> # on reassembly for ports 21, 23, 25, 53, 80, 143, 110, 111
> # and 513
(or
> # however long the period is set to in the second argument), the
the
> # threshold be static, or try one of the other adapt methods below
attacks,
>
> # unicast ARP requests, and specific ARP mapping monitoring. To make
authPriv
> -a SHA -A SnortAuthPassword -x DES -X SnortPrivPassword myTrapListener
host=localhost
> # }
> #
> # EXAMPLE RULE FOR REDALERT RULETYPE
> # redalert $HOME_NET any -> $EXTERNAL_NET 31337 (msg:"Someone is being LEET"; \
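
The check Joe describes (are any `output` lines left uncommented?) can be scripted. The following is an added example, not part of the original thread; the sample configuration is constructed in snort.conf syntax and is not the poster's file, and the function names are hypothetical.

```python
import re

# Constructed sample in snort.conf syntax (assumption: not the poster's file).
SAMPLE_CONF = r'''
var HOME_NET any
preprocessor stream4: detect_scans
# output alert_syslog: LOG_AUTH LOG_ALERT
# output log_tcpdump: snort.log
#output database: log, mysql, user=snort \
#   dbname=snort host=localhost
# ruletype redalert
# {
#   type alert
#   output alert_syslog: LOG_AUTH LOG_ALERT
# }
include classification.config
'''

# "output <plugin>" followed by ":" or end of line, so prose comments such as
# "# output modules are ..." are not mistaken for a directive.
OUTPUT_RE = re.compile(r'^output\s+(\w+)\s*(?::|$)')

def logical_lines(text):
    """Yield lines with trailing-backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def audit_outputs(text):
    """Return (active, commented) lists of output plugin names."""
    active, commented = [], []
    for line in logical_lines(text):
        stripped = line.strip()
        is_comment = stripped.startswith("#")
        m = OUTPUT_RE.match(stripped.lstrip("#").strip())
        if m:
            (commented if is_comment else active).append(m.group(1))
    return active, commented

if __name__ == "__main__":
    active, commented = audit_outputs(SAMPLE_CONF)
    print("active output plugins:   ", active or "none")
    print("commented-out candidates:", commented)
```

An empty "active" list means the configuration file itself enables no output plugin, including inside any `ruletype` block.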


Received on Fri Feb 28 15:39:15 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:11:46 EDT

