Snort mailing list archives
RE: plz help
From: "Harper, Patrick" <patrick.harper () phns com>
Date: Wed, 14 Jul 2004 08:15:00 -0500
Do you have a rule for large ICMP enabled? Try a vulnerability scanner, that should trigger some alerts for ya. Or if you have the content: /etc/passwd rule enabled just go to the IP of the snort box in a browser with /etc/passwd in the URL and you should get an alert. When you say "how do I check this from other clients ?" are you talking about checking the traffic to and from the clients on your network? If you are on a switched (a managed on) you need to set a span or monitor port depending on the brand of switch. If you are on a dumb switch then you either need to use a tap or a small hub inline, taps work better in my opinion but hubs are cheaper. Hope that helps -----Original Message----- From: Chandana Bandara [mailto:chandana () dialogsl net] Sent: Wednesday, July 14, 2004 6:19 AM To: snort-users () lists sourceforge net Subject: [Snort-users] plz help hi , I have installed snort perfectly in Red Hat Linux 9 box.ACID url runs on the browser. i used ping command with huge paccket sizes to that snort server. But there was no any alerts in the ACID. So tell me , how do i check this from other clients ? plz help thanx in advance chandana Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- plz help Chandana Bandara (Jul 14)
- Re: plz help shashank . joshi (Jul 14)
- <Possible follow-ups>
- RE: plz help Harper, Patrick (Jul 14)
- RE: plz help Nick Duda (Jul 14)
- Re: plz help Chandana Bandara (Jul 15)
- RE: plz help Nick Duda (Jul 15)