Snort mailing list archives
RE: Cant see alert for rule
From: "Tom Fulton" <tfulton9909 () comcast net>
Date: Wed, 2 Jun 2004 13:37:04 -0700
I pulled out my Linksys switch and put in an old 10/100 5-port workgroup hub. Same problem. Anyone have any ideas?

thanks

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Tom Fulton
Sent: Wednesday, June 02, 2004 12:37 PM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] Cant see alert for rule

1) Snort 2.0.6 on linux
2) Three PCs:
     1: w2kPC victim
     2: linux attacker
     3: linux snort box
3) I run:
     snort -d -e -v -c /etc/snort/snort.conf
   (no errors)
4) Rule in ftp.rules is:
     alert tcp any any -> any 21 (content: "USER administrator"; msg: "FTP administrator login attempt";)
5) When I run: ftp <IPVictim> from linux attacker, I don't get any rules fired on my snort box.
6) I have a Gigabit Linksys 5-port workgroup switch between them all

Why am I not able to see the alert?

Thanks!