Snort mailing list archives

Re: Snort-users Digest, Vol 48, Issue 45


From: Pedro Marinho <pppmarinho () gmail com>
Date: Tue, 1 Jun 2010 12:39:22 -0300

Hello,

Thanks for the reply. The ICMP rules are disabled. I did disable some unused
rules and some rules that are bad for the detection engine. After that the
dropped packet rate did fall to 20%. Still high, so I have to study which more
rules I have to disable here.


Message: 2
Date: Sat, 29 May 2010 08:59:59 -0400
From: firewalZ <firewalz () gmail com>
Subject: Re: [Snort-users] snort not generating lots of alerts
To: Pedro Marinho <pppmarinho () gmail com>
Cc: snort-users () lists sourceforge net
Message-ID:
       <AANLkTin6LUJ93P6oUr6V1svOtVs-m6AhDyIzZPnpOrLA () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Try running snort from the command line to display packets (like
tcpdump), make sure to sniff from the same interface you are using in
snort.conf, make sure you see bidirectional traffic.
Also, make sure you uncomment the rule categories you want to use, I
think it's near the bottom of snort.conf, I believe there is an icmp
rule set that is noisy.



On Thu, May 27, 2010 at 3:54 PM, Pedro Marinho <pppmarinho () gmail com> wrote:

Hello gentlemen,

I would like to ask if someone could post a snort.conf example for a sensor
that monitors a Microsoft Windows environment. I think something is wrong
with my sensors. I don't know if it is because I have 2 or more instances
of snort running or maybe some misconfiguration.

I would be very thankful for some help




------------------------------------------------------------------------------


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



