Re: Snort-users Digest, Vol 46, Issue 32

["Tushar Modi" <TusharM () easymatch com>]

I just found we are using version 2.6 not 2.4. I would like to know, how
to update to newer version with latest signature.

Thanks

Tushar Modi
Sr. Network Analyst
JK Group Inc.
work:(609) 799-7830 Ext. 13732
Fax:(609)799-8019
Integrated Solutions for Global Philanthropy


-----Original Message-----
From: snort-users-request () lists sourceforge net
[mailto:snort-users-request () lists sourceforge net] 
Sent: Wednesday, March 24, 2010 4:00 PM
To: snort-users () lists sourceforge net
Subject: Snort-users Digest, Vol 46, Issue 32

Send Snort-users mailing list submissions to
        snort-users () lists sourceforge net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/snort-users
or, via email, send a message with subject or body 'help' to
        snort-users-request () lists sourceforge net

You can reach the person managing the list at
        snort-users-owner () lists sourceforge net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Snort-users digest..."


Today's Topics:

   1. Re: How many ports is considered a portsweep/portscan?
      (Nerijus Krukauskas)
   2.  Tap and Hub (D. Hofstee)
   3. Re: Tap and Hub (Nick Moore)
   4. Re: snort information (Tushar Modi)


----------------------------------------------------------------------

Message: 1
Date: Wed, 24 Mar 2010 20:14:02 +0200
From: Nerijus Krukauskas <nkrukauskas () gmail com>
Subject: Re: [Snort-users] How many ports is considered a
        portsweep/portscan?
To: Joel Esler <joel.esler () me com>
Cc: "snort-users () lists sourceforge net"
        <snort-users () lists sourceforge net>
Message-ID:
        <951e50da1003241114y414e3f84u5696e746286b46ba () mail gmail com>
Content-Type: text/plain; charset=UTF-8

On 2010-03-24, Joel Esler <joel.esler () me com> wrote:
> Ah. That makes sense. Tip: reply to all?

Hate this feature, when replying to mailing list post. In good old
days :) the mailing list posts ALL had reply-to mapped to mailing
list. Now it's different with each list... OK, this is starting to
look like old man whining... Gotta stop it. :)

-- 
http://nk99.org/



------------------------------

Message: 2
Date: Wed, 24 Mar 2010 20:14:09 +0100
From: "D. Hofstee" <hofstee () gmail com>
Subject: [Snort-users]  Tap and Hub
To: snort-users () lists sourceforge net
Message-ID:
        <6b35b1711003241214rc4f8a98l194d4222c5277347 () mail gmail com>
Content-Type: text/plain; charset="utf-8"

---------- Forwarded message ----------
From: D. Hofstee <hofstee () gmail com>
Date: Wed, Mar 24, 2010 at 8:13 PM
Subject: Re: [Snort-users] Tap and Hub
To: Eoin Miller <eoin.miller () trojanedbinaries com>


well, for the sake of being curious: how do people monitor inter-server
traffic? A tap in front of the switch doesn't do the job.

bye,

David


On Wed, Mar 24, 2010 at 7:11 PM, Eoin Miller <
eoin.miller () trojanedbinaries com> wrote:

> Here is a good article/writeup about this:
> http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html
>
> -- Eoin
>
> On 3/24/2010 4:12 PM, akos.daniel () db-soft hu wrote:
> > Hi,
> >
> > What is the difference between a network hub and a network tap?
> > Maybe a stupid question, but is there a "gigabit hub" on the market
or
> for
> > gigabit should I look for a tap?
> > (span port is not possible in my case...)
> > Thanks for the info.
> >
> > Akos
------------------------------------------------------------------------
------
> > Download Intel&#174; Parallel Studio Eval
> > Try the new software tools for yourself. Speed compiling, find bugs
> > proactively, and fine-tune applications for parallel performance.
> > See why Intel Parallel Studio got high marks during beta.
> > http://p.sf.net/sfu/intel-sw-dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------
------
> Download Intel&#174; Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0AS
nort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 3
Date: Wed, 24 Mar 2010 14:17:56 -0500
From: Nick Moore <nmoore () sourcefire com>
Subject: Re: [Snort-users] Tap and Hub
To: "D. Hofstee" <hofstee () gmail com>
Cc: snort-users () lists sourceforge net
Message-ID:
        <5c039a921003241217u3d040873ge9cc553037d677b0 () mail gmail com>
Content-Type: text/plain; charset="iso-8859-1"

David,

That's why larger switches have the SPAN feature. In essence, it repeats
the
traffic of some or all the other switch ports out a designated port for
sniffers or IDS sensors. Here's more info:

http://www.enterprisenetworkingplanet.com/nethub/article.php/3766701

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note
09186a008015c612.shtml


Nick

On Wed, Mar 24, 2010 at 2:14 PM, D. Hofstee <hofstee () gmail com> wrote:

> ---------- Forwarded message ----------
> From: D. Hofstee <hofstee () gmail com>
> Date: Wed, Mar 24, 2010 at 8:13 PM
> Subject: Re: [Snort-users] Tap and Hub
> To: Eoin Miller <eoin.miller () trojanedbinaries com>
>
>
> well, for the sake of being curious: how do people monitor
inter-server
> traffic? A tap in front of the switch doesn't do the job.
>
> bye,
>
> David
>
>
> On Wed, Mar 24, 2010 at 7:11 PM, Eoin Miller <
> eoin.miller () trojanedbinaries com> wrote:
>
> > Here is a good article/writeup about this:
> > http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html
> >
> > -- Eoin
> >
> > On 3/24/2010 4:12 PM, akos.daniel () db-soft hu wrote:
> > > Hi,
> > >
> > > What is the difference between a network hub and a network tap?
> > > Maybe a stupid question, but is there a "gigabit hub" on the market
or
> > for
> > > gigabit should I look for a tap?
> > > (span port is not possible in my case...)
> > > Thanks for the info.
> > >
> > > Akos
------------------------------------------------------------------------
------
> > > Download Intel&#174; Parallel Studio Eval
> > > Try the new software tools for yourself. Speed compiling, find bugs
> > > proactively, and fine-tune applications for parallel performance.
> > > See why Intel Parallel Studio got high marks during beta.
> > > http://p.sf.net/sfu/intel-sw-dev
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------
------
> > Download Intel&#174; Parallel Studio Eval
> > Try the new software tools for yourself. Speed compiling, find bugs
> > proactively, and fine-tune applications for parallel performance.
> > See why Intel Parallel Studio got high marks during beta.
> > http://p.sf.net/sfu/intel-sw-dev
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0AS
nort-users>list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------
------
> Download Intel&#174; Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users



-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore () sourcefire com
IM    nickgmoore (Yahoo)
      nickgmoore38 (AIM)

   ,,_
  o"  )~   Sourcefire - The Creators of Snort
   ''''

www.sourcefire.com         www.snort.org
-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

Message: 4
Date: Wed, 24 Mar 2010 15:47:22 -0400
From: "Tushar Modi" <TusharM () easymatch com>
Subject: Re: [Snort-users] snort information
To: <snort-users () lists sourceforge net.>
Message-ID:
        
<9DAE5CA10EF4154AA7927184AF08AAFC01FC6DDE@ntserver43.JKGROUP.Internal>
Content-Type: text/plain; charset="us-ascii"

Hi,

We are using older Snort 2.4 version and we would like to upgrade  it to
2.8 latest version. We are running older version in windows 2003 server.
If you please send us information , how to upgrade to 2.8 in windows
2003 server. I downloaded current version from your web site but I
really do not know how to upgrade and what is quickest method to upgrade
to latest version.

 

I appreciate it, If you please provide us information so we can upgrade
latest version with the current signature.

 

Thanks,

Tushar Modi

Sr. Network Analyst

JK Group Inc.

work:(609) 799-7830 Ext. 13732

Fax:(609)799-8019

Integrated Solutions for Global Philanthropy

 

From: Mike Guiterman [mailto:mguiterman () sourcefire com] 
Sent: Wednesday, March 24, 2010 3:41 PM
To: Tushar Modi
Subject: Re: snort information

 

Check out the set-up guides here:
http://www.snort.org/docs/setup-guides/.  If you don't find one that
matches to your platform you should ask the snort-users mailing list.
Someone in the community may be able to provide guidance.

-mg

On Wed, Mar 24, 2010 at 3:31 PM, Tushar Modi <TusharM () easymatch com>
wrote:

Hi Mike,

 

Thank you for this quick reply, we are running 2.4 so how can I upgrade
it to 2.8. What is a process to upgrade current version. If you please
provide us a doc. With where and how to upgrade it. I appreciate it.

 

Thanks,

Tushar Modi

Sr. Network Analyst

JK Group Inc.

work:(609) 799-7830 Ext. 13732

Fax:(609)799-8019

Integrated Solutions for Global Philanthropy

 

From: Mike Guiterman [mailto:mguiterman () sourcefire com] 
Sent: Wednesday, March 24, 2010 3:27 PM
To: Tushar Modi
Cc: snort-team () sourcefire com
Subject: Re: snort information

 

Hi Tushar,

You've got to upgrade your Snort Install.  Snort is currently at version
2.8.5.3.  Snort 2.4 hasn't been supported for quite some time.

Regards,

Mike

-- 
Mike Guiterman
Snort Community Manager
Sourcefire, Inc.
mguiterman () sourcefire com
410.423.1930 (office)
703.400.4091 (mobile)

On Wed, Mar 24, 2010 at 3:23 PM, Tushar Modi <TusharM () easymatch com>
wrote:

Hi,

 

We are using your snort IDS version 2.4 and we would like to update the
signature with the current version. I appreciate it, if  you please
provide us information to update the signature with the current version.

 

Thanks,

 

Tushar Modi

Sr. Network Analyst

JK Group Inc.

work:(609) 799-7830 Ext. 13732

Fax:(609)799-8019

Integrated Solutions for Global Philanthropy

 





 

-------------- next part --------------
An HTML attachment was scrubbed...

------------------------------

------------------------------------------------------------------------
------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev

------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest, Vol 46, Issue 32
*******************************************

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users