Snort mailing list archives
Re: snort woes (update)
From: Jim Starke <jstarke () ptd net>
Date: Sat, 11 Aug 2001 21:53:22 -0400
John Berkers wrote:
> Jim, I noticed in an earlier message that you put the tcp any any -> any any rule into your virus.rules. This include file is commented out by default; make sure that the # in front of it is removed and see how you go. Hope your hair grows back when the problems are sorted. :)
Thanks John, I hope it does too. I have uncommented all of the rules during my journeys. I even moved that rule over into the exploit.rules just in case snort was thinking that I hadn't uncommented the virus.rules file.
From what I see now, snort is alerting on icmp packets but isn't alerting on tcp or udp packets.
When this is finally working, it's probably going to be something really simple and I'm going to look awfully foolish for bothering everyone. ;-)
--
Quidquid latine dictum sit, altum viditur.
http://www.jcsmall.com/homepage