Snort mailing list archives
RE: Snort Question
From: Kresna Prawira <kprawira () esurance com>
Date: Mon, 27 Aug 2001 18:44:54 -0700
Another newbie question. I get a lot of false positive messages from my DNS servers. I already defined the DNS servers on "var DNS_SERVERS" and uncommented

#preprocessor portscan-ignorehosts: $DNS_SERVERS

Any idea?

-----Original Message-----
From: Chris Green [mailto:cmg () uab edu]
Sent: Monday, August 27, 2001 6:04 PM
To: Bill Rogers
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Question

"Bill Rogers" <billr94 () home com> writes:
I am new to using snort and am trying to get it set up correctly. I would like to monitor traffic containing the Code Red variants. I installed snort on a win2k box and when I run the rule set, I keep getting an error:

C:\snort\rules\web-iis.rules:6 => Port value missing rule!
You need to define the variables $EXTERNAL_NET and $HOME_NET; see snort.conf for an example. You should really be running snort against that and then only including the web-iis.rules of it.

--
Chris Green <cmg () uab edu>
I've had a perfectly wonderful evening. But this wasn't it. -- Groucho Marx

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
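
Chris's reply above attributes the error to a rules file that uses $EXTERNAL_NET and $HOME_NET without snort.conf defining them first. The check below is an added example, not part of the original thread or of Snort: it walks a configuration and its includes in order and lists every variable used before a `var` line defines it. The file contents, the addresses and the `undefined_vars` helper are constructed for illustration.

```python
import re

VAR_DEF = re.compile(r"^var\s+(\w+)\s+(.+)$")
INCLUDE = re.compile(r"^include\s+(\S+)$")
VAR_REF = re.compile(r"\$(\w+)")

def undefined_vars(files, entry):
    """Return (file, line, name) for each $NAME used before it is defined.
    `files` maps file name -> text; `entry` is the file Snort is started on."""
    defined, problems = set(), []

    def walk(name):
        for lineno, raw in enumerate(files[name].splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            inc = INCLUDE.match(line)
            if inc:
                walk(inc.group(1))  # includes see the variables defined so far
                continue
            var = VAR_DEF.match(line)
            # Rule options after "(" may hold a literal "$" in content strings,
            # so for rules only the header (addresses and ports) is checked.
            scope = var.group(2) if var else line.split("(", 1)[0]
            for ref in VAR_REF.findall(scope):
                if ref not in defined:
                    problems.append((name, lineno, ref))
            if var:
                defined.add(var.group(1))

    walk(entry)
    return problems

# Constructed sample input (not the real web-iis.rules or snort.conf).
FILES = {
    "web-iis.rules": (
        "# constructed sample rule\n"
        'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"sample"; content:"$literal";)\n'
    ),
    "snort.conf": (
        "var HOME_NET 192.0.2.0/24\n"
        "var EXTERNAL_NET any\n"
        "var DNS_SERVERS $HOME_NET\n"
        "preprocessor portscan-ignorehosts: $DNS_SERVERS\n"
        "include web-iis.rules\n"
    ),
}

if __name__ == "__main__":
    print(undefined_vars(FILES, "web-iis.rules"))  # rules file loaded on its own
    print(undefined_vars(FILES, "snort.conf"))     # loaded through snort.conf
```

Starting from the rules file alone reports both variables as undefined, while starting from snort.conf reports nothing.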