Snort mailing list archives
Snort Query for IDS centre.
From: "sanjeevs" <sanjeevs () lawkimupstream com>
Date: Thu, 28 Aug 2003 21:42:24 -0500
Hi,

I have installed Snort 2.0 on Windows 2000 Professional using IDS Centre 1.1 RC4. I am also getting alerts as well as e-mails for the alerts that are logged. I am also able to download the rulesets.

a. Now my problem: how will I come to know that rules are getting downloaded and updated on my sensor? Is there any check I should do in order to confirm that? (I mean to say, do I need to check the date of some files in order to confirm that?)

b. LAN IPs used inside my network are 10.1.54.0/24, 10.1.55.0/24 and 10.1.56.0/24. If I have to monitor all the 3 networks using just 1 sensor, how is it possible? I have configured HOME_NET as 10.1.56.0/24,10.1.55.0/24,10.1.54.0/24. Is this the correct format to be used?

a. Can we create our own new rules in order to block or permit traffic as per our needs?

b. I am planning to place the sensor behind the firewall, and the various ports that are kept OPEN in my firewall are as follows: 80, 25, HTTPS and 22. So could you please guide me as to what should be the syntax of the rule to be written if I have to monitor traffic coming from the above-mentioned ports, PLUS Snort should also LOG alerts via e-mail, PLUS it should LOG the data in an SQL database also.

Waiting for your reply.

Thanks & Regards,
Sanjeev Sharma
NOC-Network Helpdesk.
Lawkim UP|Stream Contact Management Pvt. Ltd.
Toll Free: 1866 244 2964 Ext 1090
Cell: 9821879812
Tel: +91-22-2530 2557 / 2558
Fax: +91-22-2530 2444

----- Original Message -----
From: "Jean Michel BARBET" <Jean-Michel.Barbet () subatech in2p3 fr>
To: <snort-users () lists sourceforge net>
Sent: Thursday, August 21, 2003 4:49 AM
Subject: [Snort-users] link between MP3 sites and Cyberkit pings ?

Hi,

My sensor is also alerting on CyberKit Pings since August, 15th. There are two cases:

a) one external IP pings several hosts on our LAN (kind of ICMP scan).

b) 2 specific hosts on our LAN are the target of more than 50% of the Cyberkit ping traffic.

I do not understand b). The only clue is that both hosts have been used to connect to MP3 sites.

=> any similar experience? explanation?

Jean-Michel BARBET.

--
Jean-michel BARBET | Tel: +33 (0)2 51 85 84 86
Laboratoire SUBATECH Nantes France | Fax: +33 (0)2 51 85 84 79
CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: barbet () subatech in2p3 fr

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:
- link between MP3 sites and Cyberkit pings ? Jean Michel BARBET (Aug 22)
- Re: link between MP3 sites and Cyberkit pings ? Erek Adams (Aug 22)
- Snort Query for IDS centre. sanjeevs (Aug 29)
- Re: Snort Query for IDS centre. Erek Adams (Aug 29)
- <Possible follow-ups>
- RE: link between MP3 sites and Cyberkit pings ? Williams Jon (Aug 22)