Snort mailing list archives

Snort Query for IDS centre.


From: "sanjeevs" <sanjeevs () lawkimupstream com>
Date: Thu, 28 Aug 2003 21:42:24 -0500


Hi,

I have installed snort 2.0 on windows 2000 professional using IDS Centre 1.1
RC4. I am also getting Alerts as well as E-mails for the alerts that are
logged. I am also able to download the rulesets.
  a) Now my problem: how will I come to know that rules are getting
downloaded and updated on my sensor? Is there any check I should do in order
to confirm that? (I mean to say, do I need to check the date of some files
in order to confirm that?)
  b) LAN IPs used inside my Network are 10.1.54.0/24, 10.1.55.0/24 and
10.1.56.0/24. If I have to monitor all 3 Networks using just 1 Sensor,
how is it possible?
          I have configured HOME_NET as
10.1.56.0/24,10.1.55.0/24,10.1.54.0/24. Is this the correct format to be
used?
  c) Can we create our own new rules in order to block or permit traffic as
per our needs?
  d) I am planning to place the sensor behind the firewall and the various
ports that are kept OPEN in my firewall are as follows: 80, 25, HTTPS and
22. So could you Please guide me as to what should be the syntax of the rule
to be written if I have to monitor traffic coming from the above mentioned
ports, PLUS snort should also LOG alerts via E-mail, PLUS it should LOG
the data in a SQL database also.
Waiting for your reply.

Thanks & Regards,

Sanjeev Sharma
NOC-Network Helpdesk.
Lawkim UP|Stream  Contact Management Pvt. Ltd.
Toll Free: 1866 244 2964 Ext 1090
Cell: 9821879812
Tel: +91-22-2530 2557 / 2558
Fax:+91-22-2530 2444
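Added example, not from the thread or from the Snort project: snort.conf fragments for Snort 2.0 showing the list form of HOME_NET for the three subnets named in the post, one rule per open port (a Snort 2.0 rule header takes a single port or a range, not a port list), and the database output plugin. The MySQL user, password and database name are placeholders; Snort itself has no e-mail output plugin, so e-mail notification stays with IDScenter, which already mails the alert output.

```conf
# Added example (not from the thread). Assumes the three subnets from the
# post and a local MySQL database "snort" with placeholder credentials.

# HOME_NET as a list: square brackets, comma-separated, no spaces.
var HOME_NET [10.1.54.0/24,10.1.55.0/24,10.1.56.0/24]
var EXTERNAL_NET !$HOME_NET

# Record each new inbound connection to the ports the firewall leaves open.
# Snort 2.0 allows one port (or a range like 80:443) per rule header, so
# one rule per port. "log" rules store the packet without raising an alert;
# change the action to "alert" if these hits should also reach the alert
# output (and therefore the IDScenter e-mail). flags:S matches SYN only.
# Local rules use sids of 1000000 and above to stay clear of the rulesets.
log tcp $EXTERNAL_NET any -> $HOME_NET 80  (msg:"Inbound HTTP";  flags:S; sid:1000001; rev:1;)
log tcp $EXTERNAL_NET any -> $HOME_NET 25  (msg:"Inbound SMTP";  flags:S; sid:1000002; rev:1;)
log tcp $EXTERNAL_NET any -> $HOME_NET 443 (msg:"Inbound HTTPS"; flags:S; sid:1000003; rev:1;)
log tcp $EXTERNAL_NET any -> $HOME_NET 22  (msg:"Inbound SSH";   flags:S; sid:1000004; rev:1;)

# Database output plugin: "log" stores hits from log rules, "alert" stores
# hits from alert rules. Placeholder password; use a dedicated DB account.
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=localhost
```

The same bracket-list syntax works for EXTERNAL_NET; a HOME_NET written as a bare comma-separated value without the brackets is not parsed as a list.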

----- Original Message -----
From: "Jean Michel BARBET" <Jean-Michel.Barbet () subatech in2p3 fr>
To: <snort-users () lists sourceforge net>
Sent: Thursday, August 21, 2003 4:49 AM
Subject: [Snort-users] link between MP3 sites and Cyberkit pings ?


Hi,

My sensor is also alerting on CyberKit Pings since August 15th.
There are two cases:

a) one external IP pings several hosts on our LAN (kind of ICMP scan).

b) 2 specific hosts on our LAN are the target of more than 50% of the
    Cyberkit ping traffic.

I do not understand b). The only clue is that both hosts have been
used to connect to MP3 sites.

=> Any similar experience? Explanation?

Jean-Michel BARBET.

--
------------------------------------------------------------------------
Jean-michel BARBET                    | Tel: +33 (0)2 51 85 84 86
Laboratoire SUBATECH Nantes France    | Fax: +33 (0)2 51 85 84 79
CNRS-IN2P3/Ecole des Mines/Universite | E-Mail: barbet () subatech in2p3 fr
------------------------------------------------------------------------



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users