Snort mailing list archives

Re: Snort DB query question.

From: WTWork <securitygauntlet () snet net>
Date: Fri, 25 Oct 2002 01:21:52 -0400

Sound like script time. If you need to query that many IPs maybe you aredoing something wrong or just wanting to much data. I think some of the keythings to think of here areL

Keep it simple
Set priority of events you NEED to see
Drill down into critical targets

If ya need to get the data that bad then you can use wild card * in thestring and it should show all the 10.0.0.* addresses


Good luck

At 10:22 PM 10/24/2002 -0400, larosa, vjay wrote:

Hello,

I have a question that has been bugging me since I started using the
database output plugin
with snort. Why are the IP addresses stored in the DB in the 32 bit format?
What is the advantage?
I know there must be something I don't know. I know the SELECT
inet_ntoa(ip_src) ...... trick to convert
the IP's back to human readable format, but what if I want to search for a
CDIR block like 10.10.0.0/16?
How would this be done? Is it possible?

Thanks!

vjl



V.Jay LaRosa                           EMC Corporation
Information Security                  171 South Street
(508)249-3355 office                  Hopkinton, MA 01748
(508)498-5575 cell                     www.emc.com
(888-799-9750 pager                  larosa_vjay () emc com
(508)497-8082 fax



-------------------------------------------------------
This sf.net email is sponsored by: Influence the future
of Java(TM) technology. Join the Java Community
Process(SM) (JCP(SM)) program now.
http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0003en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------

This sf.net email is sponsored by: Influence the futureof Java(TM) technology. Join the Java CommunityProcess(SM) (JCP(SM)) program now.http://ads.sourceforge.net/cgi-bin/redirect.pl?sunm0004en

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort DB query question. larosa, vjay (Oct 24)
- Re: Snort DB query question. Michael Boman (Oct 24)
- <Possible follow-ups>
- RE: Snort DB query question. larosa, vjay (Oct 24)
- RE: Snort DB query question. Kreimendahl, Chad J (Oct 24)
- Re: Snort DB query question. WTWork (Oct 24)