Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: problem about alert

From: "Chris Eidem" <jceidem () dexma com>
Date: Fri, 16 Nov 2001 13:23:57 -0600
Looks like you're plugged into a switch without monitoring set on.  You
need to set your switch to send a copy of the traffic to the port your
snort box is on.  


-----Original Message-----
From: Qinglan Li [mailto:li1q () cmich edu]
Sent: Friday, November 16, 2001 10:48 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] problem about alert


Hi all,


I'm new to snort; now I met a really simple proble. I tried to test
snort by using different attacks; Actually I use Nessus to 
simulate the
attacks. Whenever I run snort, the alert is always like this:
[**] [1:499:1] MISC Large ICMP Packet [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
......
[Xref => http://www.whitehats.com/info/IDS246]

Could you please give me any suggestion to figure out this problem?

Thanx a lot,

Laura


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: