Snort mailing list archives
Re: Flex-Response, anyone using it?
From: James Riden <j.riden () massey ac nz>
Date: Thu, 20 May 2004 15:23:33 +1200
Jason <security () brvenik com> writes:
It will be a few weeks before I can get around to testing it for this case so if anyone wants to give it a try and confirm functionality "that would be great".
My setup works at the moment, with snort listening on eth0. % ifconfig eth0 Link encap:Ethernet HWaddr 00:0B:CD:AE:F9:BB UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1469489134 errors:360 dropped:0 overruns:0 frame:286 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1775222552 (1692.9 Mb) TX bytes:0 (0.0 b) Interrupt:7 eth1 Link encap:Ethernet HWaddr 00:0B:CD:AE:F9:18 inet addr:x.x.x.x Bcast:x.x.x.x Mask:255.255.248.0 UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1 RX packets:699472 errors:0 dropped:0 overruns:0 frame:0 TX packets:337024 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:145021414 (138.3 Mb) TX bytes:46793743 (44.6 Mb) Interrupt:10 % route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface <localsubnet> * 255.255.248.0 U 0 0 0 eth1 default localgateway 0.0.0.0 UG 0 0 0 eth1 It just seemed to work OK out of the box, with minimal fiddling. No traffic is appearing on the wrong interfaces, etc.
Don't forget... When you report your test results back to the list do not forget that the TPS report has a new format, didn't you read the memo.
Er, sorry? -- James Riden / j.riden () massey ac nz / Systems Security Engineer Information Technology Services, Massey University, NZ. GPG public key available at: http://www.massey.ac.nz/~jriden/ ------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Flex-Response, anyone using it? Dusty Hall (May 19)
- Re: Flex-Response, anyone using it? Paul Schmehl (May 19)
- Re: Flex-Response, anyone using it? Jason Haar (May 19)
- Re: Flex-Response, anyone using it? James Riden (May 19)
- Re: Flex-Response, anyone using it? Jason (May 19)
- Re: Flex-Response, anyone using it? James Riden (May 19)
- Re: Flex-Response, anyone using it? Jason (May 20)
- Re: Flex-Response, anyone using it? Jason (May 26)
- Re: Flex-Response, anyone using it? Jason Haar (May 19)
- Re: Flex-Response, anyone using it? Paul Schmehl (May 19)
- Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... soldier Mx (Jun 07)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 07)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 09)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... soldier Mx (Jun 10)
- Re: Upgrading snort 2.0.* to -> 2.1.2 , and now i cant .... Michael Boman (Jun 10)
- <Possible follow-ups>
- FW: Flex-Response, anyone using it? IDont ThinkSo (May 20)
- Re: FW: Flex-Response, anyone using it? Paul Schmehl (May 20)
- RE: Flex-Response, anyone using it? CGhercoias (May 20)