Snort mailing list archives
Re: new user, great product, but ...
From: Michael Anderson <mca () arlut utexas edu>
Date: Tue, 22 Apr 2003 15:53:05 -0500
Allen,

Check out snort.org. The first news article on the main page describes the vulnerability and has a link to download snort 2.0. Snort 2.0 was officially released April 14th or thereabouts.

-Mike

Allen, Garrett wrote:

sorry. red hat 8.0. thanks for the tips. 2.0 shows as beta on the snort.org web page and i try to avoid beta software. might i enquire as to the nature of the vulnerability? thanks.

-----Original Message-----
From: twig les [mailto:twigles () yahoo com]
Sent: Tuesday, April 22, 2003 4:37 PM
To: Allen, Garrett; 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] new user, great product, but ...

You didn't mention your OS, but since you have a /var I can safely suggest quotas to at least make sure /var doesn't hit 100%. Once you get mysql up you can stop logging to the flat text. If you are wondering if there is a method of making a signature fire once/100 alerts or something like that then I don't think that exists.

BTW, 1.9.1 has a vulnerability so as long as you're doing a fresh install you might as well use 2.0.

--- "Allen, Garrett" <Garrett.Allen () ser com> wrote:

heys,

installed version 1.9.1 (build 231) of the pink beastie. very interesting results captured from our network. pointed to a potential issue with xp configs. i'm generating log files, haven't quite got the mastery of mysql installation yet.

anyways, here's the question: the very day i started using snort for real was the day one of our wandering sales minstrels returns with an ms-sql worm. it momentarily shut down our net when he fired up his machine, then went for coffee, flooding the network with traffic as a worm is wont to do. we were able to quickly detect where the problem originated from and shut the machine down. but in the meantime snort generated enough log files to fill /var. ouch.

any way to slow down the volume of log entries? any other operational tips?

thanks in advance.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

=====
Know yourself and know your enemy and you will never fear defeat.
Current thread:
- new user, great product, but ... Allen, Garrett (Apr 22)
- Re: new user, great product, but ... twig les (Apr 22)
- Re: new user, great product, but ... Erek Adams (Apr 23)
- <Possible follow-ups>
- RE: new user, great product, but ... Allen, Garrett (Apr 22)
- RE: new user, great product, but ... twig les (Apr 22)
- Re: new user, great product, but ... Michael Anderson (Apr 22)
- Re: new user, great product, but ... Neil Dickey (Apr 22)
- RE: new user, great product, but ... Allen, Garrett (Apr 22)