Snort mailing list archives

RE: plz help

From: "Harper, Patrick" <patrick.harper () phns com>
Date: Wed, 14 Jul 2004 08:15:00 -0500

Do you have a rule for large ICMP enabled?  Try a vulnerability scanner,
that should trigger some alerts for ya.  Or if you have the content:
/etc/passwd  rule enabled just go to the IP of the snort box in a
browser with /etc/passwd in the URL and you should get an alert.  

When you say "how do I check this from other clients ?" are you talking
about checking the traffic to and from the clients on your network?  If
you are on a switched (a managed on) you need to set a span or monitor
port depending on the brand of switch.  If you are on a dumb switch then
you either need to use a tap or a small hub inline, taps work better in
my opinion but hubs are cheaper.

Hope that helps

-----Original Message-----
From: Chandana Bandara [mailto:chandana () dialogsl net] 
Sent: Wednesday, July 14, 2004 6:19 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] plz help

hi , 
 
I have installed snort perfectly in Red Hat Linux 9 box.ACID url runs on
the browser.
i used ping command with huge paccket sizes to that snort server. But
there was no any alerts in the ACID. 
 
So tell me , how do i check this from other clients ?
 
plz help
 
thanx in advance
chandana 




Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended 
recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by 
applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have 
received this message in error, please delete it and notify the sender immediately. 





-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

plz help Chandana Bandara (Jul 14)
- Re: plz help shashank . joshi (Jul 14)
- <Possible follow-ups>
- RE: plz help Harper, Patrick (Jul 14)
- RE: plz help Nick Duda (Jul 14)
  - Re: plz help Chandana Bandara (Jul 15)
- RE: plz help Nick Duda (Jul 15)