Re: [Snort-users] (no subject)

From: Erek Adams <erek(at)snort.org>
Date: Tue Apr 08 2003 - 19:30:49 EDT

On Tue, 8 Apr 2003, ryan stangl wrote:

> I was hoping that someone could help me, I am running snort 1.9 on
> Win2K. I got it to run and on our little moch network I can see other
> computers trying to get in, for example I can see a ping, or a sweep. So
> I assumed that it was working. Then I wanted to see if I could get one
> of my rules to work, so I added a rules text where all the other rules
> where, and gave it a .rules extension, I made just a simple one alert tcp
> <ip/24>500:2000 -> <ip/24> any. Then in the snort config file I placed a
> # in front of all of the rules listed and added a path to the rule file I
> made. My thinking was that I would recieve only instances that I
> specified where anything coming from not my computer between port 500 and
> 2000 trying to go to my computer by any port, but that wasn't the case, I
> was getting everything as I was before, comming from any port. It seemed
> A.) that my rule file wasn't working, and B.) that all the rule files
> where activated again, WHY IS THIS. If anyone can help me out here it
> would be greatly appreciated. Thanks

Either you didn't restart snort after you made the change, or you are using a different config file than the one you edited.

Cheers!

---

Erek Adams

   "When things get weird, the weird turn pro." H.S. Thompson

---

This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

---

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Tue Apr 8 19:40:27 2003