Snort mailing list archives

Re: Flex-Response, anyone using it?


From: James Riden <j.riden () massey ac nz>
Date: Thu, 20 May 2004 15:23:33 +1200

Jason <security () brvenik com> writes:

> It will be a few weeks before I can get around to testing it for this
> case so if anyone wants to give it a try and confirm functionality
> "that would be great".

My setup works at the moment, with snort listening on eth0.

% ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0B:CD:AE:F9:BB
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1469489134 errors:360 dropped:0 overruns:0 frame:286
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1775222552 (1692.9 Mb)  TX bytes:0 (0.0 b)
          Interrupt:7
 
eth1      Link encap:Ethernet  HWaddr 00:0B:CD:AE:F9:18
          inet addr:x.x.x.x  Bcast:x.x.x.x  Mask:255.255.248.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:699472 errors:0 dropped:0 overruns:0 frame:0
          TX packets:337024 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:145021414 (138.3 Mb)  TX bytes:46793743 (44.6 Mb)
          Interrupt:10

%  route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
<localsubnet>   *               255.255.248.0   U     0      0        0 eth1
default         localgateway    0.0.0.0         UG    0      0        0 eth1

It just seemed to work OK out of the box, with minimal fiddling. No
traffic is appearing on the wrong interfaces, etc.

> Don't forget... When you report your test results back to the list do
> not forget that the TPS report has a new format, didn't you read the
> memo.

Er, sorry?

-- 
James Riden / j.riden () massey ac nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/



