Snort mailing list archives
RE: (no subject)
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Wed, 9 Apr 2003 09:03:54 -0600
Easier way to try this out is make a copy of your snort.conf file and create a new one that uses that one rule only. -----Original Message----- From: ryan stangl [mailto:sanbarstangl () hotmail com] Sent: Tuesday, April 08, 2003 4:54 PM To: snort-users () lists sourceforge net Subject: [Snort-users] (no subject) I was hoping that someone could help me, I am running snort 1.9 on Win2K. I got it to run and on our little moch network I can see other computers trying to get in, for example I can see a ping, or a sweep. So I assumed that it was working. Then I wanted to see if I could get one of my rules to work, so I added a rules text where all the other rules where, and gave it a .rules extension, I made just a simple one alert tcp <ip/24>500:2000 -> <ip/24> any. Then in the snort config file I placed a # in front of all of the rules listed and added a path to the rule file I made. My thinking was that I would recieve only instances that I specified where anything coming from not my computer between port 500 and 2000 trying to go to my computer by any port, but that wasn't the case, I was getting everything as I was before, comming from any port. It seemed A.) that my rule file wasn't working, and B.) that all the rule files where ! activated again, WHY IS THIS. If anyone can help me out here it would be greatly appreciated. Thanks Ryan _____ MSN 8 helps ELIMINATE E-MAIL <http://g.msn.com/8HMUENUS/2752> VIRUSES. Get 2 months FREE*. ------------------------------------------------------- This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- (no subject) saud (Apr 04)
- Re: (no subject) (how to unsubscribe) Matt Kettler (Apr 04)
- <Possible follow-ups>
- (no subject) fjy (Apr 06)
- Re: (no subject) Joe Hill (Apr 06)
- (no subject) shuuichi_numazawa (Apr 06)
- RE: (no subject) Paul D. Shaffer (Apr 06)
- RE: (no subject) shuuichi_numazawa (Apr 06)
- (no subject) ryan stangl (Apr 08)
- Re: (no subject) Erek Adams (Apr 08)
- RE: (no subject) Don Weber (Apr 08)
- RE: (no subject) Slighter, Tim (Apr 09)
- (no subject) Cory D. (Apr 09)
- (no subject) KD Rajkumar (Apr 13)
- RE: (no subject) Ryan Finnesey (Apr 13)
- (no subject) John Sage (Apr 14)
- (no subject) Robin Johnson (May 29)
- Re: (no subject) Erick Mechler (May 29)
- Re: (no subject) Patrick S. Harper (May 29)
- RE: (no subject) Robin Johnson (May 30)
- RE: (no subject) Robin Johnson (May 30)
- RE: (no subject) Brian Gregorcy (May 30)
(Thread continues...)