Snort mailing list archives

Re: Snorby Snort or Barnyard scrambles IPs

From: Alex Aune <lists () aewne net>
Date: Tue, 01 Apr 2014 09:08:13 +0200

Barnyard2 has an option to obfuscate IPs. I've never tried it so I'm not 
certain it'll use the X's seen below.

See "config obfuscate"

Alex

On 31.03.2014 08:57, Ilja Schumacher wrote:

Hey fellows,

I have just finished setting up snort barnyard mysql pulledpork and
snorby in an ARM5 box.

Everything works very nice except that snorby shows totally scrambled
IPS for source and destination.

Example:
 Real source 82.56.35.23
 Real destination 192.168.1.13

Snorby shows:
 Source 82.56.XX1.13
 Destination 192.168.X35.23

X is 1 most of the time.

Setup is:
 Internet. Firewall/NAT. LanportMirror. Snort.

Do you have a clue what may cause such strange behaviour?

Cheers
 Ilja
------------------------------------------------------------------------------

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest 
Snort news!


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Re: Snorby Snort or Barnyard scrambles IPs Alex Aune (Apr 01)
- <Possible follow-ups>
- Re: Snorby Snort or Barnyard scrambles IPs Ilja Schumacher (Apr 01)
  - Re: Snorby Snort or Barnyard scrambles IPs beenph (Apr 01)