Snort mailing list archives
Re: acid simple question from a noobie
From: Joe McAlerney <joey () SiliconDefense com>
Date: Thu, 09 Aug 2001 12:53:27 -0700
"Dominick, David" wrote:
1) If I am getting no alerts on the network I am scanning with the rules I am using, should Acid be showing anything?
I'm not quite sure what you are asking. Are you using exploits that the rules are looking for to test Snort? That would make sense. Make sure your HOME_NET and/or INTERNAL/EXTERNAL or EXTERNAL_NET variables are set up correctly. In other words, if you have HOME_NET set as 10.0.0.0/24, and EXTERNEL_NET as !$HOME_NET, and the rules you are testing look for $EXTERNAL_NET -> $HOME_NET traffic, then it's possible they won't trigger if you are scanning from the inside.
2) what default acid page should I bring up to view all the information? Index.heml brings up code, acid_graph_main brings up a blank page with "Graph Alert Data" title bar on it.
Just type in the url to the directory acid is in: http://10.0.0.x/acid/ If php is configured correctly on your web server, it should present the start page. From what it sounds like when you pull up index.html, your web server may not be configured with php enabled. Check that it is. Hope this helps, -Joe M. -- | Joe McAlerney joey () silicondefense com | | Silicon Defense - Technical Support for Snort | | http://www.silicondefense.com/ | +-- --+ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- acid simple question from a noobie Dominick, David (Aug 09)
- Re: acid simple question from a noobie Joe McAlerney (Aug 09)