Snort mailing list archives
RE: new user, great product, but ...
From: twig les <twigles () yahoo com>
Date: Tue, 22 Apr 2003 13:50:51 -0700 (PDT)
The vuln is the first piece of news on www.snort.org. I agree with the beta stance, but we're in a tight spot here.

--- "Allen, Garrett" <Garrett.Allen () ser com> wrote:
sorry. red hat 8.0. thanks for the tips. 2.0 shows as beta on the snort.org web page and i try to avoid beta software. might i enquire as to the nature of the vulnerability? thanks.

-----Original Message-----
From: twig les [mailto:twigles () yahoo com]
Sent: Tuesday, April 22, 2003 4:37 PM
To: Allen, Garrett; 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] new user, great product, but ...

You didn't mention your OS, but since you have a /var I can safely suggest quotas to at least make sure /var doesn't hit 100%. Once you get mysql up you can stop logging to the flat text. If you are wondering if there is a method of making a signature fire once/100 alerts or something like that then I don't think that exists.

BTW, 1.9.1 has a vulnerability so as long as you're doing a fresh install you might as well use 2.0.

--- "Allen, Garrett" <Garrett.Allen () ser com> wrote:

heys, installed version 1.9.1 (build 231) of the pink beastie. very interesting results captured from our network. pointed to a potential issue with xp configs. i'm generating log files, haven't quite got the mastery of mysql installation yet.

anyways, here's the question: the very day i started using snort for real was the day one of our wandering sales minstrels returns with an ms-sql worm. it momentarily shut down our net when he fired up his machine, then went for coffee, flooding the network with traffic as a worm is wont to do. we were able to quickly detect where the problem originated from and shut the machine down. but in the meantime snort generated enough log files to fill /var. ouch. any way to slow down the volume of log entries? any other operational tips?

thanks in advance.
=====
Know yourself and know your enemy and you will never fear defeat.