Snort mailing list archives
Re: Snort Glitch perhaps
From: twig les <twigles () yahoo com>
Date: Thu, 6 Mar 2003 10:01:31 -0800 (PST)
Or write a pass rule for your IP. --- Erek Adams <erek () snort org> wrote:
On Thu, 6 Mar 2003, Allan wrote:I am using RH 8.0 with snort 1.9.1 and latest ACID. When I modified the rules, I decided to turn on the pornrule. I have 2known users that surf when they shouldnt be "cest la vie". What is interesting is when I log into the acid console frommy home remotecomputer, it starts flagging alerts, when I look they arepron alerts comingfrom my snort box serving my home pc. I am sitting infromnt of my snortbox, and logging into acid console all is well, except I amseeing pornrules coming from an outside address to my networ broadcast.If you are surfing into your ACID box and looking at alerts, and Snort just happens to sit on that same net.... Snort will see the pr0n keywords and it will alert on that.... So each time you view an alert, you will get an alert. :-) Use https, stunnel, ssh or something to encrypt the traffic back to your outside location. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
===== ----------------------------------------------------------- Know yourself and know your enemy and you will never fear defeat. ----------------------------------------------------------- __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort and gaultlet steve nutt (Mar 05)
- <Possible follow-ups>
- Snort and Gaultlet steve nutt (Mar 05)
- Re: Snort and Gaultlet James Hoagland (Mar 06)
- Snort Glitch perhaps Allan (Mar 06)
- Re: Snort Glitch perhaps Erek Adams (Mar 06)
- Re: Snort Glitch perhaps twig les (Mar 06)
- Re: Snort Glitch perhaps Jason Haar (Mar 06)
- Re: Snort and Gaultlet James Hoagland (Mar 06)