Snort mailing list archives

Re: Ramen worm and Snort log entry


From: Brian Caswell <bmc () mitre org>
Date: Sun, 17 Jun 2001 11:12:35 -0400

Subba Rao wrote:
> The following are the preprocessors in the snort.conf file. I have changed the
> IP addresses of the systems/network here.
>
> ====================================================================
> var INTERNAL  192.168.1.0/24
> var EXTERNAL !$INTERNAL
> var DNS_SERVERS 192.168.1.5/24
>
> preprocessor http_decode: 80 8080
> preprocessor minfrag: 128
> preprocessor portscan: 1.1.1.1/2 5 3 portscan.log
> preprocessor portscan-ignorehosts: 192.168.1.0/24
>
> #include /usr/security/snort/etc/snort-vision.conf
>
> output alert_full: alert
> ====================================================================
>
> Why is Snort not logging any information about these trojan related alerts?

Because you don't have any rules listed there.  Uncomment the include
statement and try again.

-- 
Brian Caswell
The MITRE Corporation
