Snort mailing list archives
Re: Snort not logging alerts.
From: sekure <sekure () gmail com>
Date: Thu, 29 Jul 2004 15:38:25 -0400
You can't do it. Not with TCP and not the way you are trying to. The problem is that TCP is a stateful protocol; it needs to establish a session before it can send data. What that means is that something has to be listening on port 80 in this case (http), for your browser to establish the connection, BEFORE it can send the CodeRed exploit. Since nothing is, nothing happens...

If you are just doing this for testing, you can download netcat and tell it to listen to port 80. That way you'll be able to establish a connection and send the exploit. Otherwise you should look at some tools that can generate events without needing to establish a session first. Then you'll also have to run snort WITHOUT the -z switch.

On Thu, 29 Jul 2004 12:11:40 -0700, Lyndon Tiu <ltiu () alumni sfu ca> wrote:
Hello,

I found the problem, fixed it but found another problem. I found that if the host running Snort does not have a web server running, Snort will not bother logging alerts. I need to find a way to tell Snort to log alerts anyways even if the host does not have a web server running. Perhaps you guys can help me by giving me a suggestion how to do this.

Thanks.

-- Lyndon Tiu

-------------------------------------------------------
This SF.Net email is sponsored by OSTG. Have you noticed the changes on Linux.com, ITManagersJournal and NewsForge in the past few weeks? Now, one more big change to announce. We are now OSTG- Open Source Technology Group. Come see the changes on the new OSTG site. www.ostg.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
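The behaviour described in the reply above, as an added example that is not part of the original thread: with nothing listening, the TCP handshake is refused and no request bytes are ever sent, so a content rule has nothing to match; with a listener (the role netcat plays in the suggestion), the request is delivered. The loopback address, the OS-chosen ports and the harmless marker request are assumptions of this sketch.

```python
import socket
import threading

# Constructed, harmless stand-in for a test request (not an exploit).
TEST_REQUEST = b"GET /ids-test-marker HTTP/1.0\r\n\r\n"


def send_request(port, payload=TEST_REQUEST):
    """Try to deliver payload over TCP; return the number of bytes sent.

    Returns 0 when the handshake fails, meaning no payload reached the wire.
    """
    try:
        with socket.create_connection(("127.0.0.1", port), timeout=2) as c:
            c.sendall(payload)
            return len(payload)
    except OSError:  # connection refused or timed out
        return 0


def no_listener():
    """Port is reserved but nothing calls listen(): the SYN is answered with RST."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as holder:
        holder.bind(("127.0.0.1", 0))  # hold the port, never listen on it
        return send_request(holder.getsockname()[1])


def with_listener():
    """Accept one connection and read it to EOF, as a netcat listener would."""
    chunks = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)

        def accept_once():
            conn, _ = srv.accept()
            with conn:
                while chunk := conn.recv(4096):
                    chunks.append(chunk)

        t = threading.Thread(target=accept_once)
        t.start()
        sent = send_request(srv.getsockname()[1])
        t.join(timeout=2)
    return sent, b"".join(chunks)


if __name__ == "__main__":
    print("no listener, bytes sent:", no_listener())
    print("with listener (sent, received):", with_listener())
```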
Current thread:
- Snort not logging alerts. Lyndon Tiu (Jul 29)
- <Possible follow-ups>
- RE: Snort not logging alerts. Esler, Joel - Contractor (Jul 29)
- Re: Snort not logging alerts. Lyndon Tiu (Jul 29)
- Re: Snort not logging alerts. Lyndon Tiu (Jul 29)
- Re: Snort not logging alerts. sekure (Jul 29)
- Re: Snort not logging alerts. Lyndon Tiu (Jul 29)