Snort mailing list archives

RE: preprocessor portscan2-ignorehosts + "WEBTRAFFIC"


From: "mike Hughes" <mikehughes013 () hotmail com>
Date: Fri, 14 Mar 2003 17:18:22 -0800

What's up Jose... actually I am logging portscans to the database and I got ACID to ALERT me by changing this line:

output database: log, mysql, user=snort password=011101 dbname=snort host=127.0.0.1

  TO:

output database: alert, mysql, user=snort password=snort dbname=snort host=127.0.0.1


Let me know if you have any problems...

MIKE





From: "Jose Ramon Hernandez Macias" <jhernandez () alestra com mx>
To: "mike Hughes" <mikehughes013 () hotmail com>
Subject: RE: [Snort-users] preprocessor portscan2-ignorehosts + "WEBTRAFFIC"
Date: Fri, 14 Mar 2003 17:41:47 -0600


Hi Mike,

By the way, how did you get ACID working with the portscan2 preprocessor?
You're not logging to a database, are you?

Jose
"Rapidity is the essence of war: take advantage of the enemy's unreadiness,
make your way by unexpected routes, and attack unguarded spots." -- Sun Tzu




"mike Hughes" <mikehughes013 () hotmail com>
Sent by: snort-users-admin () lists sourceforge.net
To: snort-users () lists sourceforge net
cc:
Subject: RE: [Snort-users] preprocessor portscan2-ignorehosts + "WEBTRAFFIC"
14/03/2003 16:47






Hey Guys!

I tried both ways and 1 works: THIS ONE WORKS
*For anyone else who has this problem too*

preprocessor portscan2-ignorehosts: $DNS_SERVERS $eth0_ADDRESS

The other one brings back this error:
FATAL ERROR: ERROR /etc/snort/snort.conf (398) => Rule IP addr
(192.168.0.1,192.173.0.0) didn't x-late, WTF?





_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users







