Snort mailing list archives

RE: Serious Snort Bug Could Lead To Next Slammer


From: "Ron Jenkins" <rjenkins () dibr net>
Date: Thu, 20 Oct 2005 07:39:19 -0500

What is the deal with this guy!  He loves to complain before checking
for facts. 

I feel sorry for the Windows users!


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Patrick
Harper
Sent: Thursday, October 20, 2005 7:37 AM
To: 'Michael Steele'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Serious Snort Bug Could Lead To Next Slammer

http://www.snort.org/rules/advisories/snort_update_20051018.html

Fixes and Mitigation Instructions Available for Snort Back Orifice
Vulnerability   Jennifer Steffens (Sourcefire) @ October 18, 2005
09:18:01

There is a link on the front page and on the news page


 
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Michael
Steele
Sent: Thursday, October 20, 2005 6:39 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Serious Snort Bug Could Lead To Next Slammer

I found this:

http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=172302520

No mention on Snort.org or in the list.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support () winsnort com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Igor
Belikov
Sent: Thursday, October 20, 2005 12:18 AM
To: snort-users () lists sourceforge net
Subject: Re[2]: [Snort-users] need help configuring snort + barnyard

Hello Chris,

Wednesday, October 19, 2005, 7:31:05 PM, you wrote:

CE> |   I configured snort to write both alert and log files in unified
CE> |   format. But I can't configure barnyard properly to store in DB
CE> |   detailed info about alerts.
CE> | 
CE> |   Barnyard "watch" alert files and stores info about alerts, but I
CE> |   need also store whole packets caused alert.

CE> It seems you don't need to have snort write both unified files.  All the
CE> required info seems to be in the unified "log" file, so this is what you
CE> want barnyard to read.  It's not at all clear to us what info is in the
CE> unified "alert" file that's not *also* in the unified "log" file.  So we
CE> don't write a unified "alert" file at all.

It sounds good, but I still can't configure snort + barnyard.

Last configs:

  - snort:

output log_unified: filename snort.log, limit 128

  - barnyard:

output log_acid_db: mysql, sensor_id 1, database snort, server x.x.x.x, user xxxxx, password xxxxx, detail full

In /log directory I see "snort.log.<timestamp>", "barnyard.waldo"
(with correct link to snort.log) and "alert" (with alerts produced by
snort).

Watching log files I see that barnyard works (link in waldo file
follows growing snort.log), but I don't get any new alerts in DB.

Using previous variant of configs (using unified alert) barnyard put
all alerts in DB.

Please, point me where I make mistake.

-- 
Best regards,
 Igor                            mailto:ivb () is ua



-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads,
discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users






