Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: MySQL logs wrong IP - Addresses ( caution - NEW BIE ! )

From: Steve Halligan <giermo () geeksquad com>
Date: Thu, 21 Nov 2002 13:27:46 -0600
You are looking at a decimal representation of the IP address.
So, in your example:
Decimal: 176689530
Binary: 00001010 10001000 00010001 01111010
Dotted Decimal: 10.136.17.122



hi, folks !
my sql drives me crazy.
table "iphdr" contains 
- ip - addresses without dots : "176689530"
- ip - addresses that do not make any sense at all, no matter where you
put            the dots : "3501791526"
- ip - addresses ( like above ) that do not match to the only 
test - rule
      ( alert tcp $HOME_NET any -> $EXTERNAL_NET any ) 
because the same
      ip - address is in the "source" - column in one row and 
in another             row it
is in the "destination" - column though the
      rule is only one - way
- ip - addresses do not match to the addresses in /var/log/snort/alert
      ( "10.136.16.8" which is ok ).
first i installed these rpm`s ( from 
ftp.suse.com/pub/suse/i386/7.3 ... ):
snort-1.8.1-32, apache-1.3.20-60, mysql-3.23.41-18, mod_php4-4.0.6-98,
phpMyAdmin-2.2.0-34 on SuSE 7.3, then i tried 
snort-1.9.0-1snort.src.rpm,
but the same shit.
forgive me if i forgot any information and gimmie a hint, please !
thanxalot,
hartmut verwiebe



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: