Re: (no subject)

[Erek Adams <erek () snort org>]

On Tue, 8 Apr 2003, ryan stangl wrote:

> I was hoping that someone could help me, I am running snort 1.9 on
> Win2K.  I got it to run and on our little moch network I can see other
> computers trying to get in, for example I can see a ping, or a sweep.  So
> I assumed that it was working.  Then I wanted to see if I could get one
> of my rules to work, so I added a rules text where all the other rules
> where, and gave it a .rules extension, I made just a simple one alert tcp
> <ip/24>500:2000 -> <ip/24> any.  Then in the snort config file I placed a
> # in front of all of the rules listed and added a path to the rule file I
> made.  My thinking was that I would recieve only instances that I
> specified where anything coming from not my computer between port 500 and
> 2000 trying to go to my computer by any port, but that wasn't the case, I
> was getting everything as I was before, comming from any port.  It seemed
> A.) that my rule file wasn't working, and B.) that all the rule files
> where activated again, WHY IS THIS.  If anyone can help me out here it
> would be greatly appreciated.  Thanks

Either you didn't restart snort after you made the change, or you are
using a different config file than the one you edited.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users