Snort mailing list archives
Re: Weird problem
From: Erek Adams <erek () snort org>
Date: Tue, 11 Mar 2003 08:22:34 -0500 (EST)
On Tue, 11 Mar 2003, Chae Yew Chuen wrote:
I install snort 1.9 on a win2k server running IIS 5.0 with patches installed the box has 3 NICs installed.I test snort by launching a series of uricode attacks from another PC ,it manage to detect the attack only once even i launch 10 different attacks at different intervals. How can i configure it to detect the attacks??
What attacks? What rules (SID's) did you expect to be alerted by? Did you examine the rules to see what the triggers were? Do you know that the other PC was even sending all of the indicated attacks? Any examples? How were you sending the alerts? BTW, if "1.9" means 1.9.0, then please upgrade to the newest build. There was a security issue with the RPC decoder in 1.9.0 that's fixed in 1.9.1. You can snag the Windows binary here [0]. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson [0] http://www.snort.org/dl/binaries/win32/snort-1_9_1.exe ------------------------------------------------------- This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Weird problem Chae Yew Chuen (Mar 10)
- Re: Weird problem Erek Adams (Mar 11)