Snort mailing list archives

Re: acid simple question from a noobie


From: Joe McAlerney <joey () SiliconDefense com>
Date: Thu, 09 Aug 2001 12:53:27 -0700

"Dominick, David" wrote:

1) If I am getting no alerts on the network I am scanning with the rules I
am using, should Acid be showing anything?

I'm not quite sure what you are asking.  Are you using exploits that the
rules are looking for to test Snort?  That would make sense.  Make sure
your HOME_NET and/or INTERNAL/EXTERNAL or EXTERNAL_NET variables are set
up correctly.  In other words, if you have HOME_NET set as 10.0.0.0/24,
and EXTERNAL_NET as !$HOME_NET, and the rules you are testing look for
$EXTERNAL_NET -> $HOME_NET traffic, then it's possible they won't
trigger if you are scanning from the inside.

2) What default acid page should I bring up to view all the information?
Index.html brings up code, acid_graph_main brings up a blank page with
"Graph Alert Data" title bar on it.

Just type in the URL to the directory acid is in:

http://10.0.0.x/acid/

If PHP is configured correctly on your web server, it should present the
start page.  From what it sounds like when you pull up index.html, your
web server may not be configured with PHP enabled.  Check that it is.

Hope this helps,

-Joe M.

-- 
|   Joe McAlerney     joey () silicondefense com   |
| Silicon Defense - Technical Support for Snort |
|       http://www.silicondefense.com/          |
+--                                           --+
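
The HOME_NET/EXTERNAL_NET effect described in the reply above, as an added example that is not part of the original message and is not Snort's own code: a small Python model of how the address part of a rule header is checked against the variables. The function names and sample addresses are constructed for illustration; only the two variable values come from the message, and address lists in brackets are not modelled.

```python
import ipaddress

# Variable values taken from the reply; everything else here is constructed.
SNORT_VARS = {"HOME_NET": "10.0.0.0/24", "EXTERNAL_NET": "!$HOME_NET"}


def addr_matches(spec, ip, variables):
    """Return True if ip falls inside a Snort-style address spec.

    Handles 'any', a CIDR block or single address, '!' negation and
    '$VAR' references (resolved recursively through the variable table).
    """
    spec = spec.strip()
    if spec.startswith("!"):
        return not addr_matches(spec[1:], ip, variables)
    if spec.startswith("$"):
        return addr_matches(variables[spec[1:]], ip, variables)
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def header_matches(header, src, dst, variables=SNORT_VARS):
    """Check the address part of a rule header: 'SRC sport DIR DST dport'.

    Ports are ignored; only the direction operator and addresses count.
    """
    src_spec, _sport, direction, dst_spec, _dport = header.split()
    forward = (addr_matches(src_spec, src, variables)
               and addr_matches(dst_spec, dst, variables))
    if direction == "->":
        return forward
    if direction == "<>":  # bidirectional: either side may be the source
        reverse = (addr_matches(src_spec, dst, variables)
                   and addr_matches(dst_spec, src, variables))
        return forward or reverse
    raise ValueError("unknown direction operator: " + direction)


if __name__ == "__main__":
    rule = "$EXTERNAL_NET any -> $HOME_NET any"
    # Constructed test traffic: a scan from inside HOME_NET, then from outside.
    for src, dst in [("10.0.0.5", "10.0.0.20"), ("192.0.2.7", "10.0.0.20")]:
        print(src, "->", dst, "matches:", header_matches(rule, src, dst))
```

The inside scan fails the source test because 10.0.0.5 is in HOME_NET and therefore not in !$HOME_NET, so the rule never gets as far as inspecting the payload.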
