Snort mailing list archives
Re: Snort not seeing all traffic?
From: PJ <p.jones.ml () xsb com>
Date: Thu, 24 Apr 2003 14:36:23 -0400
Ok, following what you said, I looked for the preprocessor lines in my config and saw nothing for portscan2. I created the preprocessor, though I was wondering if I should leave all the values blank?
Also, I checked the rules and noted that the ones I was concerned about (cmd.exe ...) are activated... why would Snort not see this type of attack (my guess is several reasons, all of which are beyond my education level at this moment, I fear)?
Thanks for all the help folks.
~PJ

At 08:48 AM 4/24/2003 -0700, Erick Mechler wrote:

:: I am referring to "alerts" I guess... With that said, I can not find
:: "rules" via snort-center, that pertain to port scanning and or the exploits
:: like cmd.exe and root.exe... As for the rest, should I run something like
:: Ethereal and check traffic that way?

Portscanning is taken care of via the portscan2 preprocessor (Config Types --> Preprocessors --> Create preprocessors).

As for the cmd.exe and root.exe rules, check SIDs 1661, 1002, and 1256 among others.

Re: Ethereal, that's just a sniffer, so unless you actually want to look through all your packets looking for bad stuff, I'd just stick with customizing your Snort rulebase to fit your needs.

Cheers - Erick