Snort mailing list archives

Snort and PF_RING DAQ


From: Peter Bates <peter.bates () ucl ac uk>
Date: Wed, 6 Jun 2012 11:40:32 +0100


Hello all

I've been testing a recent Snort and PF_RING (5.4.x) from SVN
and the DAQ bundled with that.

Obviously the DAQ is slightly 'non-standard' as it is not bundled with
the usual DAQ distribution.

During testing I noticed that the DAQ cannot acquire traffic unless Snort
is running as root - something I've avoided doing with Snort by
specifying a specific user/group with -u and -g for many years.

Is this privilege problem a fault of PF_RING, or a problem with Snort
not dropping privileges at the right point?

Thanks.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT

