Snort mailing list archives
Snort and PF_RING DAQ
From: Peter Bates <peter.bates () ucl ac uk>
Date: Wed, 6 Jun 2012 11:40:32 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello all I've been testing a recent Snort and PF_RING (5.4.x) from SVN and the DAQ bundled with that. Obviously the DAQ is slightly 'non-standard' as it is not bundled with the usual DAQ distribution. During test I notice that the DAQ cannot acquire traffic unless Snort is running as root - something I've avoided doing with Snort by specifying a specific user/group with -u and -g for many years. Is this privilege problem a fault of PF_RING, or a problem with Snort not dropping privileges at the right point? Thanks. - -- Peter Bates Senior Computer Security Officer Phone: +44(0)2076792049 Information Services Division Internal Ext: 32049 University College London London WC1E 6BT -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJPzzOgAAoJELhVoVpEMS6RhIkH/izHttzTWEBjM5Gi1aRNEs2n nlW3AGQbrOeV6ZNRTucVThL2sH0qOd3fylDm57Yz1LVhVIWMogzQt3q81ql5uFYf YmyqXgyunaXX8/Bd3B0UbZ4r//YsJH5o1LKbD91x3+4lQqduFk8x4/CiWlLp9dOt 6HqLt7NPbQSrdvEYAcbiYild7LbhFJ4x5CNH9367D5TxQjO9oP6TnhyemiE0/n3z SUxz7mMLH1Ap3FISCCW71GcRSpb9r/b6Vyyk67htjm/WQASlyqH3YfsG1DGWhsNf 2dKkM2Aoy2nBdHxKxP7eMa9TWSqHV8EouEcpvn+A6ptHIc8KqzwEFq1ZbCo2sQM= =FIrk -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort and PF_RING DAQ Peter Bates (Jun 06)
- Re: Snort and PF_RING DAQ Jaime Nebrera (Jun 06)
- Re: Snort and PF_RING DAQ Joel Esler (Jun 06)
- Re: Snort and PF_RING DAQ Russ Combs (Jun 06)
- Re: Snort and PF_RING DAQ Jaime Nebrera (Jun 06)
- Re: Snort and PF_RING DAQ Joel Esler (Jun 06)
- Re: Snort and PF_RING DAQ Joel Esler (Jun 06)
- Re: Snort and PF_RING DAQ Jaime Nebrera (Jun 06)