Snort mailing list archives
Too many questions
From: "Alireza Naderi" <alireza () panaisp net>
Date: Wed, 20 Nov 2002 23:17:17 +0330 (IRT)
Hi All I have too many questions about snort and its configuration If any one know the answers, kindly explian it or tell me how can i find the answers (documents and etc) 1.how can i tell to snort that classification the alerts to for example critical and normal ,...? 2.how can i tell to it that will mailing the critical alerts? 3.what is sensor_name in configuration files and which work is that doing? 4.what is TAC_Pipe_1 that i read in snort documents (freebsd) had written that "sensor_name=TAC_Pipe_1"? 5.how can i configure it that will not making alerts if the 192.168.12.3 attempt to snmp and make alerts if that ip attempt to other types of attack? 6.how can i tell to snort that block the source address of icmp attack or other kinds of attack? 7.is it possible that it execute a command on the remote machine for example change the password if detect a specific attack? 8.how can i tell to snort that listen on two nic (eth0, eth1)? Thanks in advance Alireza ------------------------------------------------------- This sf.net email is sponsored by: Battle your brains against the best in the Thawte Crypto Challenge. Be the first to crack the code - register now: http://www.gothawte.com/rd521.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Too many questions Alireza Naderi (Nov 20)
- Re: Too many questions Matt Kettler (Nov 20)
- Re: Too many questions Robby Desmond (Nov 20)