Snort mailing list archives
My settings and output of 3 test on snort, is this normal?
From: "mike Hughes" <mikehughes013 () hotmail com>
Date: Thu, 06 Mar 2003 02:58:21 -0800
Hey Guys,
I got SNORT up and running :)))))
I have just been playing around with it and running some tests. I will give you the LAYOUT of my network first, and my snort.conf file.
***1 FIREWALL (IPTABLES "DEFAULT POLICY SET TO DROP") connected to the internet + running SNORT on it + DNS server for my LAN***
***And behind that machine I have 2 Windows computers on my LAN***
INTERNET--->FIREWALL(SNORT)---->LAN
First, just to see if it was working properly, I pinged the firewall machine from a machine on a different network with the SIZE set to 65500 and SNORT picked it up :)
1> But then I went to www.GRC.com and PROBED my PORTS from a Windows machine on the LAN and my FIREWALL machine, and SNORT DIDN'T pick that up?
2> Then I ran "NMAP -sS -P0 -v -p 1-1024 111.111.111.111" from a machine on a different network and I got like "10-15 alerts" like this in "TCP ICMP" but nothing in "portscan"
3> Something like 5 each of these, is this normal for a scan like that???
SNMP request tcp
SNMP trap tcp
SNMP AgentX/tcp request

var HOME_NET any
var EXTERNAL_NET $eth0_ADDRESS
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var HTTP_PORTS 80
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]

preprocessor frag2
preprocessor stream4: detect_scans, disable_evasion_alerts
preprocessor stream4_reassemble
preprocessor http_decode: 80 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace
preprocessor rpc_decode: 111 32771
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 32000

output database: log, mysql, user=snort password=:) dbname=snort host=127.0.0.1

include classification.config
include reference.config
include bad-traffic.rules
include exploit.rules
include scan.rules
include finger.rules
include ftp.rules
include telnet.rules
include rpc.rules
include rservices.rules
include dos.rules
include ddos.rules
include dns.rules
include tftp.rules
include web-cgi.rules
include web-coldfusion.rules
include web-iis.rules
include web-frontpage.rules
include web-misc.rules
include web-client.rules
include web-php.rules
include sql.rules
include x11.rules
include icmp.rules
include netbios.rules
include misc.rules
include attack-responses.rules
include oracle.rules
include mysql.rules
include snmp.rules
include smtp.rules
include imap.rules
include pop3.rules
include pop2.rules
include nntp.rules
include other-ids.rules
include experimental.rules
include local.rules
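
A small checker for a snort.conf shaped like the one posted above, added here as an example and not part of the original message: it reports whether a portscan preprocessor line is present, whether stream4 detect_scans is on, and which variables resolve to any. The sample text is constructed from the post, and the preprocessor names portscan and portscan2 are assumed from Snort 1.9-era releases.

```python
# Constructed sample: a trimmed copy of the directives in the post above.
SAMPLE_CONF = """\
var HOME_NET any
var EXTERNAL_NET $eth0_ADDRESS
var DNS_SERVERS $HOME_NET
preprocessor frag2
preprocessor stream4: detect_scans, disable_evasion_alerts
preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 32000
include scan.rules
"""

# Assumption: scan-detection preprocessor names from Snort 1.9-era releases.
SCAN_PREPROCESSORS = {"portscan", "portscan2"}

def parse_conf(text):
    """Split snort.conf text into variables, preprocessors and includes."""
    conf = {"vars": {}, "preprocessors": {}, "includes": []}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments; blank lines fall through
        keyword, _, rest = line.partition(" ")
        if keyword == "var":
            name, _, value = rest.strip().partition(" ")
            conf["vars"][name] = value.strip()
        elif keyword == "preprocessor":
            name, _, options = rest.partition(":")
            conf["preprocessors"][name.strip()] = options.strip()
        elif keyword == "include":
            conf["includes"].append(rest.strip())
    return conf

def resolve(conf, name, depth=0):
    """Follow $NAME references between var lines; stop on unknown names or loops."""
    value = conf["vars"].get(name, "")
    if value.startswith("$") and value[1:] in conf["vars"] and depth < 10:
        return resolve(conf, value[1:], depth + 1)
    return value

def review(conf):
    """Return plain-text observations about scan visibility in this config."""
    notes = []
    enabled = SCAN_PREPROCESSORS & set(conf["preprocessors"])
    notes.append("scan preprocessors: " + (", ".join(sorted(enabled)) or "none"))
    if "detect_scans" in conf["preprocessors"].get("stream4", ""):
        notes.append("stream4 detect_scans: on")
    wide = sorted(n for n in conf["vars"] if resolve(conf, n) == "any")
    notes.append("vars resolving to any: " + (", ".join(wide) or "none"))
    return notes

print("\n".join(review(parse_conf(SAMPLE_CONF))))
```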