Snort mailing list archives
Re: snort process getting killed
From: "doug schmidt" <douglas.j.schmidt () gmail com>
Date: Wed, 16 May 2007 10:20:36 -0400
Will test with ac-bnfa; right now running with acs Here is some config's: (removed IP's in var's) /usr/local/bin/snort -u snort -g snort -d -o -i iprb1 -c /etc/snort/snort.conf -D # cat /etc/snort/snort.conf | grep -v "^#" var HOME_NET var PUBLIC_IP var MS_INTERNAL var EXTERNAL_NET !$HOME_NET var DNS_SERVERS var SMTP_SERVERS var HTTP_SERVERS $HOME_NET var SQL_SERVERS var TELNET_SERVERS $HOME_NET var SNMP_SERVERS var HTTP_PORTS 80 var SHELLCODE_PORTS !80 var ORACLE_PORTS 1521 var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] var RULE_PATH /etc/snort/rules config detection: search-method acs preprocessor flow: stats_interval 0 hash 2 preprocessor frag2 preprocessor stream4: disable_evasion_alerts preprocessor stream4_reassemble preprocessor http_inspect: global \ iis_unicode_map unicode.map 1252 preprocessor http_inspect_server: server default \ profile all ports { 80 8080 8180 } oversize_dir_length 500 preprocessor rpc_decode: 111 32771 preprocessor bo preprocessor telnet_decode output database: alert, mysql, user=xxx host=localhost dbname=snort detail=full include classification.config include reference.config include $RULE_PATH/local.rules include $RULE_PATH/bad-traffic.rules include $RULE_PATH/exploit.rules include $RULE_PATH/scan.rules include $RULE_PATH/finger.rules include $RULE_PATH/ftp.rules include $RULE_PATH/telnet.rules include $RULE_PATH/rpc.rules include $RULE_PATH/rservices.rules include $RULE_PATH/dos.rules include $RULE_PATH/ddos.rules include $RULE_PATH/dns.rules include $RULE_PATH/tftp.rules include $RULE_PATH/web-cgi.rules include $RULE_PATH/web-coldfusion.rules include $RULE_PATH/web-iis.rules include $RULE_PATH/web-frontpage.rules include $RULE_PATH/web-misc.rules include $RULE_PATH/web-client.rules include $RULE_PATH/web-php.rules include $RULE_PATH/sql.rules include $RULE_PATH/x11.rules include $RULE_PATH/icmp.rules include $RULE_PATH/netbios.rules include $RULE_PATH/misc.rules include $RULE_PATH/attack-responses.rules include $RULE_PATH/oracle.rules include $RULE_PATH/mysql.rules include $RULE_PATH/snmp.rules include $RULE_PATH/smtp.rules include $RULE_PATH/imap.rules include $RULE_PATH/pop2.rules include $RULE_PATH/pop3.rules include $RULE_PATH/nntp.rules include $RULE_PATH/other-ids.rules include $RULE_PATH/web-attacks.rules include $RULE_PATH/backdoor.rules include $RULE_PATH/shellcode.rules include $RULE_PATH/policy.rules include $RULE_PATH/porn.rules include $RULE_PATH/info.rules include $RULE_PATH/icmp-info.rules include $RULE_PATH/virus.rules include $RULE_PATH/chat.rules include $RULE_PATH/multimedia.rules include $RULE_PATH/p2p.rules include $RULE_PATH/experimental.rules ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort process getting killed doug schmidt (May 15)
- <Possible follow-ups>
- Re: snort process getting killed doug schmidt (May 15)
- Message not available
- Re: snort process getting killed doug schmidt (May 15)
- Re: snort process getting killed Joel Esler (May 15)
- Re: snort process getting killed doug schmidt (May 16)
- Re: snort process getting killed Joel Esler (May 16)
- Re: snort process getting killed doug schmidt (May 16)
- Re: snort process getting killed Todd Wease (May 16)
- Re: snort process getting killed doug schmidt (May 16)
- Re: snort process getting killed doug schmidt (May 16)
- Re: [RGSPAM] Re: snort process getting killed Joel Esler (May 16)
- Re: [RGSPAM] Re: snort process getting killed Matt Kettler (May 16)
- Re: [RGSPAM] Re: snort process getting killed doug schmidt (May 16)
- Message not available
- Re: snort process getting killed Nigel Houghton (May 16)
- Re: snort process getting killed Todd Wease (May 16)
- Re: snort process getting killed Nigel Houghton (May 16)
- Re: snort process getting killed doug schmidt (May 16)