Snort mailing list archives
Re: Snort as Network Intrusion Detection system - Help Needed
From: Erek Adams <erek () snort org>
Date: Tue, 4 Mar 2003 18:15:49 -0500 (EST)
On Tue, 4 Mar 2003, Sadanapalli, Pradeep Kumar (MED, TCS) wrote: [...snip...]
Whenever it detects a scan on a port, it first tries to resolve the IP address vis DNS Lookup. If the IP is resolved, it replaces the IP with the hostname and logs. If the IP is not resolved, it will not query back via NetBIOS, but just logs the event. Now I would like to run SNORT as an Intrusion Detection System on my Linux Desktop running RedHat Linux 8.0 with snort-1.9.0 . My Linux Box is in the LAN. I would also like to achieve the above functionality with snort. Please help in achieving this . What should I configure in my snort.conf file? Do I need to edit the rules database? Any guidance is appreciated.
Snort doesn't do this, as DNS lookups take time out from processing what really matters, 'packets on the wire'. You'll have to do something to post-process the snort logs if you really need to see a hostname.... Besides, what's wrong with "nslookup <foo>"? :) Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort as Network Intrusion Detection system - Help Needed Sadanapalli, Pradeep Kumar (MED, TCS) (Mar 04)
- Re: Snort as Network Intrusion Detection system - Help Needed Erek Adams (Mar 04)
- Re: Snort as Network Intrusion Detection system - Help Needed Paul Schmehl (Mar 04)
- Re: Snort as Network Intrusion Detection system - Help Needed Erek Adams (Mar 04)