Snort mailing list archives
Re: Snort-users Digest, Vol 46, Issue 32
From: "Tushar Modi" <TusharM () easymatch com>
Date: Thu, 25 Mar 2010 12:06:35 -0400
I just found we are using version 2.6 not 2.4. I would like to know, how to update to newer version with latest signature.

Thanks
Tushar Modi
Sr. Network Analyst
JK Group Inc.
work:(609) 799-7830 Ext. 13732
Fax:(609)799-8019
Integrated Solutions for Global Philanthropy

-----Original Message-----
From: snort-users-request () lists sourceforge net [mailto:snort-users-request () lists sourceforge net]
Sent: Wednesday, March 24, 2010 4:00 PM
To: snort-users () lists sourceforge net
Subject: Snort-users Digest, Vol 46, Issue 32

Send Snort-users mailing list submissions to
snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
snort-users-request () lists sourceforge net

You can reach the person managing the list at
snort-users-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific than "Re: Contents of Snort-users digest..."

Today's Topics:

1. Re: How many ports is considered a portsweep/portscan? (Nerijus Krukauskas)
2. Tap and Hub (D. Hofstee)
3. Re: Tap and Hub (Nick Moore)
4. Re: snort information (Tushar Modi)

----------------------------------------------------------------------

Message: 1
Date: Wed, 24 Mar 2010 20:14:02 +0200
From: Nerijus Krukauskas <nkrukauskas () gmail com>
Subject: Re: [Snort-users] How many ports is considered a portsweep/portscan?
To: Joel Esler <joel.esler () me com>
Cc: "snort-users () lists sourceforge net" <snort-users () lists sourceforge net>
Message-ID: <951e50da1003241114y414e3f84u5696e746286b46ba () mail gmail com>
Content-Type: text/plain; charset=UTF-8

On 2010-03-24, Joel Esler <joel.esler () me com> wrote:
Ah. That makes sense. Tip: reply to all?
Hate this feature, when replying to mailing list post. In good old days :) the mailing list posts ALL had reply-to mapped to mailing list. Now it's different with each list... OK, this is starting to look like old man whining... Gotta stop it. :)

--
http://nk99.org/

------------------------------

Message: 2
Date: Wed, 24 Mar 2010 20:14:09 +0100
From: "D. Hofstee" <hofstee () gmail com>
Subject: [Snort-users] Tap and Hub
To: snort-users () lists sourceforge net
Message-ID: <6b35b1711003241214rc4f8a98l194d4222c5277347 () mail gmail com>
Content-Type: text/plain; charset="utf-8"

---------- Forwarded message ----------
From: D. Hofstee <hofstee () gmail com>
Date: Wed, Mar 24, 2010 at 8:13 PM
Subject: Re: [Snort-users] Tap and Hub
To: Eoin Miller <eoin.miller () trojanedbinaries com>

well, for the sake of being curious: how do people monitor inter-server traffic? A tap in front of the switch doesn't do the job.

bye,
David

On Wed, Mar 24, 2010 at 7:11 PM, Eoin Miller <eoin.miller () trojanedbinaries com> wrote:
Here is a good article/writeup about this:
http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html

-- Eoin

On 3/24/2010 4:12 PM, akos.daniel () db-soft hu wrote:

Hi,

What is the difference between a network hub and a network tap? Maybe a stupid question, but is there a "gigabit hub" on the market or for gigabit should I look for a tap? (span port is not possible in my case...)

Thanks for the info.
Akos
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 3
Date: Wed, 24 Mar 2010 14:17:56 -0500
From: Nick Moore <nmoore () sourcefire com>
Subject: Re: [Snort-users] Tap and Hub
To: "D. Hofstee" <hofstee () gmail com>
Cc: snort-users () lists sourceforge net
Message-ID: <5c039a921003241217u3d040873ge9cc553037d677b0 () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

David,

That's why larger switches have the SPAN feature. In essence, it repeats the traffic of some or all the other switch ports out a designated port for sniffers or IDS sensors.

Here's more info:
http://www.enterprisenetworkingplanet.com/nethub/article.php/3766701
http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml

Nick

On Wed, Mar 24, 2010 at 2:14 PM, D. Hofstee <hofstee () gmail com> wrote:
---------- Forwarded message ----------
From: D. Hofstee <hofstee () gmail com>
Date: Wed, Mar 24, 2010 at 8:13 PM
Subject: Re: [Snort-users] Tap and Hub
To: Eoin Miller <eoin.miller () trojanedbinaries com>

well, for the sake of being curious: how do people monitor inter-server traffic? A tap in front of the switch doesn't do the job.

bye,
David

On Wed, Mar 24, 2010 at 7:11 PM, Eoin Miller <eoin.miller () trojanedbinaries com> wrote:

Here is a good article/writeup about this:
http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html

-- Eoin

On 3/24/2010 4:12 PM, akos.daniel () db-soft hu wrote:

Hi,

What is the difference between a network hub and a network tap? Maybe a stupid question, but is there a "gigabit hub" on the market or for gigabit should I look for a tap? (span port is not possible in my case...)

Thanks for the info.
Akos
--
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore () sourcefire com
IM nickgmoore (Yahoo) nickgmoore38 (AIM)
Sourcefire - The Creators of Snort
www.sourcefire.com
www.snort.org

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 4
Date: Wed, 24 Mar 2010 15:47:22 -0400
From: "Tushar Modi" <TusharM () easymatch com>
Subject: Re: [Snort-users] snort information
To: <snort-users () lists sourceforge net.>
Message-ID: <9DAE5CA10EF4154AA7927184AF08AAFC01FC6DDE@ntserver43.JKGROUP.Internal>
Content-Type: text/plain; charset="us-ascii"

Hi,

We are using older Snort 2.4 version and we would like to upgrade it to 2.8 latest version. We are running older version in windows 2003 server. If you please send us information, how to upgrade to 2.8 in windows 2003 server. I downloaded current version from your web site but I really do not know how to upgrade and what is quickest method to upgrade to latest version.

I appreciate it, if you please provide us information so we can upgrade latest version with the current signature.

Thanks,
Tushar Modi
Sr. Network Analyst
JK Group Inc.
work:(609) 799-7830 Ext. 13732
Fax:(609)799-8019
Integrated Solutions for Global Philanthropy

From: Mike Guiterman [mailto:mguiterman () sourcefire com]
Sent: Wednesday, March 24, 2010 3:41 PM
To: Tushar Modi
Subject: Re: snort information

Check out the set-up guides here: http://www.snort.org/docs/setup-guides/. If you don't find one that matches to your platform you should ask the snort-users mailing list. Someone in the community may be able to provide guidance.

-mg

On Wed, Mar 24, 2010 at 3:31 PM, Tushar Modi <TusharM () easymatch com> wrote:

Hi Mike,

Thank you for this quick reply, we are running 2.4 so how can I upgrade it to 2.8. What is a process to upgrade current version. If you please provide us a doc. With where and how to upgrade it.

I appreciate it.

Thanks,
Tushar Modi
Sr. Network Analyst
JK Group Inc.
work:(609) 799-7830 Ext. 13732
Fax:(609)799-8019
Integrated Solutions for Global Philanthropy

From: Mike Guiterman [mailto:mguiterman () sourcefire com]
Sent: Wednesday, March 24, 2010 3:27 PM
To: Tushar Modi
Cc: snort-team () sourcefire com
Subject: Re: snort information

Hi Tushar,

You've got to upgrade your Snort Install. Snort is currently at version 2.8.5.3. Snort 2.4 hasn't been supported for quite some time.

Regards,
Mike

--
Mike Guiterman
Snort Community Manager
Sourcefire, Inc.
mguiterman () sourcefire com
410.423.1930 (office)
703.400.4091 (mobile)

On Wed, Mar 24, 2010 at 3:23 PM, Tushar Modi <TusharM () easymatch com> wrote:

Hi,

We are using your snort IDS version 2.4 and we would like to update the signature with the current version.

I appreciate it, if you please provide us information to update the signature with the current version.

Thanks,
Tushar Modi
Sr. Network Analyst
JK Group Inc.
work:(609) 799-7830 Ext. 13732
Fax:(609)799-8019
Integrated Solutions for Global Philanthropy

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

End of Snort-users Digest, Vol 46, Issue 32
*******************************************
Current thread:
- Re: Snort-users Digest, Vol 46, Issue 32 Tushar Modi (Mar 25)
- Re: Snort-users Digest, Vol 46, Issue 32 Joel Esler (Mar 25)