


Honeypots: FW: Snort-Inline not working

FW: Snort-Inline not working

From: Ian J. Hudson <ihudson_at_waspc.org>
Date: Wed, 23 Aug 2006 16:27:44 -0700

Below is what I've encountered. I'm really trying to get this to work;
not sure what went wrong.

Regards,
Ian J Hudson
IT Systems Specialist
WASPC
ihudson_at_waspc.org
360.486.2380
>>
>> Sorry to bug you. With the Honeywall I've been able to see stuff
>> happening with DNS externally, but I can't seem to get Snort,
>> Snort-Inline to work no matter how many restarts, reloads, and reboots.
>> As a result the honeywall restricts all outgoing and incoming traffic.
>> That's the only hang up I am having with Honeywall currently. Everything
>> seems to be updated; ran yum, have it configured to autoupdate, although
>> one of the update sites is bad. Other than that, do you have any idea
>> how to fix Snort, Snort-Inline? I had previously thought it was a bad
>> IPtables configuration, or the rc.firewall script, but those all should
>> be automated, which leaves it to this: possibly Snort, Snort-inline isn't
>> working, which they don't appear to be running.

Running Services..

argus (pid 3815 3270 3269) is running...
bridge name     bridge id               STP enabled     interfaces
br0             8000.0002a58972f8       no              eth0
                                                        eth1
cpuspeed is stopped
crond (pid 3984) is running...
dc_client is stopped
dc_server is stopped
gpm (pid 3975) is running...
hald (pid 4023) is running...
argus (pid 3815 3270 3269) is running...
hflowd (pid 3808) is running...
mysqld (pid 3170) is running...
p0f (pid 3336) is running
hflow-pcap (pid 3415) is running
snort-plain dead but subsys locked
snort-inline dead but pid file exists
httpd (pid 3823 3822 3821 3820 3819 3818 3817 3816 3738) is running...
Honeywall health as of Tue Aug 22 05:46:20 PDT 2006
Currently active devices:
lo
eth0
eth1
eth2
br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.0002a58972f8       no              eth0
                                                        eth1
/etc/init.d/rc.firewall is active
hflowd (pid 3808) is running...
snort-inline dead but pid file exists
snort-plain dead but subsys locked
hflow-pcap (pid 3415) is running
p0f (pid 3336) is running
argus (pid 3815 3270 3269) is running...
mysqld (pid 3170) is running...
sebekd (pid 3647) is running...
Related services:
monit is stopped
swatch (pid 3908) is running...
Currently active devices:
lo
eth0
eth1
eth2
br0
Firewall is stopped.
irqbalance (pid 2762) is running...
dbus-daemon-1 (pid 4014) is running...
/etc/init.d/microcode_ctl: reading microcode status is not yet supported
monit is stopped
monit is stopped
mysqld (pid 3170) is running...
netplugd is stopped
Configured devices:
lo eth0 eth1 eth2
Currently active devices:
lo eth0 eth1 eth2 br0
ntpd is stopped
p0f (pid 3336 3061) is running...
master (pid 3964) is running...
/etc/init.d/rc.firewall is active
saslauthd is stopped
sebekd (pid 3647) is running...
smartd is stopped
snort dead but subsys locked
sshd (pid 5607 5605 3667) is running...
swatch (pid 3908) is running...
syslogd (pid 2748) is running...
klogd (pid 2752) is running...
httpd (pid 3823 3822 3821 3820 3819 3818 3817 3816 3738) is running...
xfs (pid 4005) is running...
xinetd is stopped
Nightly yum update is disabled.
Received on Aug 23 2006
