Snort mailing list archives

Re: Snort 1.81Beta6 build 64 broken stream4?

From: "Jason A. Haynes" <jahaynes () erols com>
Date: Wed, 8 Aug 2001 10:06:46 -0400 (EDT)


curious: try dumping the alert's content to a file & using netcat instead
-- if you get the alert on the netcat but not the telnet that should
isolate the telnet decode/stream reassembly (telnet sends mostly one
character packets, for interactivity).

just a thought,
Jason

On Wed, 8 Aug 2001, Andrew Cogger wrote:

G'day,

Updated from 1.81beta5 build 59 to 1.81beta6 build 60 (and then 64),
only to find snort died overnight. Also, although snort is going mad
logging http scans from CoderedII infected machines, snort is no
longer capturing alerts aimed at our web site, which up until beta6
were being captured fine. Even telneting into our web site and typing
in content strings which should be triggering alerts caused none to be
logged. Could there be a prob with the stream plugin??



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort 1.81Beta6 build 64 broken stream4? Andrew Cogger (Aug 08)
- Re: Snort 1.81Beta6 build 64 broken stream4? Jason A. Haynes (Aug 08)
- Re: Snort 1.81Beta6 build 64 broken stream4? Martin Roesch (Aug 08)
  - hELP IN FILTERING Gerardo Gregory (Aug 08)