Re: I am a newbie

[Fabien Delmotte <fdelmotte1 () mac com>]

Hello Waldo,

I am updating my snort (I am under Debian and it seems that the package is old).

> what is the problem? all you've written are statements about what you did but 
> nothing about what you expect to see or what you are seeing...


I would like to see a log.

Regards

Fabien

Le 3 janv. 2014 à 16:06, waldo kitty <wkitty42 () windstream net> a écrit :

> On 1/3/2014 5:36 AM, Fabien Delmotte wrote:
> > Hello
> >
> > I am using snort 2.9.2.2
>
> that's really old and is no longer supported...
>
> http://blog.snort.org/2012/08/snort-2922-is-end-of-life.html
>
>
> > I am trying to setup a rule for UDP flow
> > # DOS-UDP Flooding Attack RULE
> > #alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"UDP_Flood Attack!!!!!";
> > threshold:type threshold, track by_src, count 3, seconds 20; sid:1000001; rev:1;)
> >
> > alert udp any any -> any any (msg:"UDP_Flood Attack!!!!!";sid:1000001;)
>
> you should put a revision number on all your rules... increment any time the 
> rule gets a major update to its detection functionality...
>
> > #alert icmp any any -> anyT any (msg:"ICMP testing"; sid:10000001;)
> >
> > I am sending UDP packet (I done a TCPDUMP)
> >
> > I also removed all the rule in the snort.conf file, I just let my rule :)
> >
> > Any comment ?
>
> what is the problem? all you've written are statements about what you did but 
> nothing about what you expect to see or what you are seeing...
>
> -- 
> NOTE: No off-list assistance is given without prior approval.
>       Please keep mailing list traffic on the list unless
>       private contact is specifically requested and granted.
>
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT 
> organizations don't have a clear picture of how application performance 
> affects their revenue. With AppDynamics, you get 100% visibility into your 
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!


------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!