Snort mailing list archives

Snort Win32 front end


From: Nick Benigno <nick () lloydstaffing com>
Date: Tue, 16 Jul 2002 17:36:07 -0400

I am having trouble finding a stable front end for the win32 version of
snort 1.8.7. I have tried hooking up the IDScenter beta and after a while I
get a bunch of error boxes in French. 

win2k server, snort 1.8.7, idscenter 1.9x beta.

I am very new at snort and have very limited knowledge of correct
implementation on a win32 host.

I have downloaded all documents from snort.org and reviewed them; most of
the articles are for the *nix version. Any tips would be helpful.

Thanks.
Nick

-----Original Message-----
From: snort-users-request () lists sourceforge net
[mailto:snort-users-request () lists sourceforge net]
Sent: Tuesday, July 16, 2002 3:05 PM
To: snort-users () lists sourceforge net
Subject: Snort-users digest, Vol 1 #2079 - 3 msgs


Send Snort-users mailing list submissions to
        snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
        snort-users-request () lists sourceforge net

You can reach the person managing the list at
        snort-users-admin () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


Today's Topics:

   1. Re: IDScenter Anomaly (Kistler Ueli)
   2. Re: Snort Doesn't Set Second NIC Promiscuous (Erek Adams)
   3. RE: IDScenter Anomaly (L. Christopher Luther)

--__--__--

Message: 1
Date: Tue, 16 Jul 2002 20:43:58 +0200
From: Kistler Ueli <iuk () gmx ch>
To: "L. Christopher Luther" <CLuther () xybernaut com>
CC: Snort Users <snort-users () lists sourceforge net>
Subject: [Snort-users] Re: IDScenter Anomaly

I will add buttons to change the order.
Currently i'm coding a rule editor .. works well (Classification config file
can also be edited using the frontend).

Release date not fixed yet (i'm working hard for my studies test soon..
sorry)

Regards,
 Ueli Kistler
 eclipse () packx net
 www.packx.net

--

L. Christopher Luther wrote:

> Hello,
>
> I'm a new user to IDScenter, but almost immediately, I noticed that
> IDScenter has a tendency to sort the list of included Snort rule files.
> Is this a feature or an anomaly?
>
> My vote, btw, is that it is an anomaly because I want to specifically
> control the order in which the rules are included and processed by the
> Snort binary.
>
> Sincerely,
>
> L. Christopher Luther
> Technical Consultant
> Xybernaut Solutions, Inc.
> (703) 506-0400 x230
> cluther () xybernaut com
> http://www.xybernautsolutions.com
>
> My PGP Public Key:
> http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88
>
> CONFIDENTIALITY NOTE:  This communication contains
> information that is confidential and/or legally privileged.
> This information is intended only for the use of the individual
> or entity named on this communication. If you are not the
> intended recipient, you are hereby notified that any disclosure,
> copying, distribution, printing or other use of, or any action
> in reliance on, the contents of this communication is strictly
> prohibited.  If you receive this communication in error, please
> immediately notify us by telephone at (703) 506-0400.
>
> ------------------------------------------------------------
> Unsolicited commercial e-mail will automatically be reported
> to the appropriate abuse@ - without exception.
> ------------------------------------------------------------



--__--__--

Message: 2
Date: Tue, 16 Jul 2002 11:54:38 -0700 (PDT)
From: Erek Adams <erek () theadamsfamily net>
To: Stefan Schleifer <stefan.schleifer () linbit com>
cc: Ken Schweigert <ken () byte-productions com>,
        <snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort Doesn't Set Second NIC Promiscuous

On Tue, 16 Jul 2002, Stefan Schleifer wrote:

> or use
>
> snort -i any
>
> that will enable snort to listen on all interfaces.

Ummmm...  The original poster was on OBSD and the "-i any" _only_ works on
Linux based systems.

Please see the FAQ:

        http://www.snort.org/docs/faq.html#3.4

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



--__--__--

Message: 3
From: "L. Christopher Luther" <CLuther () Xybernaut com>
To: 'Kistler Ueli' <iuk () gmx ch>
Cc: Snort Users <snort-users () lists sourceforge net>
Date: Tue, 16 Jul 2002 14:57:48 -0400
Subject: [Snort-users] RE: IDScenter Anomaly


Thanks for the quick reply.  I'll keep an eye open for the next release of
IDScenter.  
 
- Christopher




--__--__--

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest

