Snort mailing list archives

Re: RE: Access denied for user: '@192.168.0.1' -SNORT-


From: Erek Adams <erek () snort org>
Date: Tue, 11 Feb 2003 16:12:51 -0500 (EST)

On Tue, 11 Feb 2003, mike Hughes wrote:

What's up..

Alright this is where I am right now....I ran this command on my Linux
machine:

snort-mysql+flexresp -v -c /etc/snort/snort.conf

I get NO error messages: here is the output:

[...snip...]

Wrong.  You do get an error message.

ERROR spp_arpspoof /etc/snort/snort.conf(40) => Cannot initialize
arpspoof_detect_host without arpspoof

But that's not your problem.  See below.

[...snip...]

Snort analyzed 3 out of 3 packets, dropping 0(0.000%) packets

Breakdown by protocol:                Action Stats:
    TCP: 0          (0.000%)          ALERTS: 0
    UDP: 0          (0.000%)          LOGGED: 0
   ICMP: 0          (0.000%)          PASSED: 0
    ARP: 3          (100.000%)
  EAPOL: 0          (0.000%)
   IPv6: 0          (0.000%)
    IPX: 0          (0.000%)
  OTHER: 0          (0.000%)
DISCARD: 0          (0.000%)

[...snip...]

02/11-12:17:55.633645 ARP who-has 152.178.7.78 tell 152.178.0.254

02/11-12:17:58.850208 ARP who-has 152.178.7.78 tell 152.178.0.254

02/11-12:18:01.941099 ARP who-has 152.178.36.185 tell 152.178.0.254

------>And then it keeps logging traffic to my screen

Right.  Snort did exactly what it was supposed to.  It saw three ARP
packets and displayed them to the screen.  No problem.

Now how can I test that it is going into my database on my Windows machine?
What are some commands I can run on MySQL on my Windows machine (192.168.0.69)?

[...snip...]

If you'll check the docs you'll find a statement that says "Command line
options override snort.conf settings."  Since you told Snort to
display/alert to the stdout device with "-v" it's skipping your output db
line in snort.conf.

Enable the ping rules and then log in to a route-server
(route-server.exodus.net) and ping your box.  "Bing"  Alert generated and
sent to the DB--If you've set up the DB correctly.

Hope that helps!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson
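
The question in the thread was which MySQL commands show whether alerts are reaching the database. The queries below are an added example, not part of the original message: they assume the stock schema created by Snort's MySQL setup script (tables `sensor`, `event`, `signature`, `iphdr`) and a database named `snort`, which is an assumed name.

```sql
-- Added example; the database name `snort` and the stock Snort schema
-- are assumptions, adjust them to match the "output database" line in snort.conf.
USE snort;

-- 1. Has a sensor registered? A row here means the database output
--    plugin connected and authenticated, even if no alert has fired yet.
SELECT sid, hostname, interface, last_cid
FROM sensor;

-- 2. Has anything been logged, and when was the newest event written?
SELECT COUNT(*) AS total_events, MAX(timestamp) AS newest_event
FROM event;

-- 3. The ten most recent ICMP alerts (the ping test suggested above),
--    with the rule message and the addresses in dotted-quad form.
SELECT e.sid, e.cid, e.timestamp, s.sig_name,
       INET_NTOA(i.ip_src) AS src,
       INET_NTOA(i.ip_dst) AS dst
FROM event e
JOIN signature s ON s.sig_id = e.signature
JOIN iphdr i     ON i.sid = e.sid AND i.cid = e.cid
WHERE i.ip_proto = 1            -- 1 = ICMP
ORDER BY e.timestamp DESC
LIMIT 10;
```

If query 1 returns no rows after Snort has started, the plugin never connected, and the place to look is the MySQL account and host grant rather than the rules.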

