Snort Mailing List

Everyone's favorite open source IDS, Snort. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.

List Archives

Quarterly archives (Jan–Mar, Apr–Jun, Jul–Sep, Oct–Dec) for each year from 2001 through 2014, with per-quarter post counts.

Latest Posts

Fw: Snort[]: FATAL ERROR: Event6 type not yet supported! vinay kadagave (Sep 02)


Hello,

Slashdot TV.
Video for Nerds. Stuff that matters.
http://tv.slashdot.org/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay...

Sourcefire VRT Certified Snort Rules Update 2014-09-02 Research (Sep 02)
Sourcefire VRT Certified Snort Rules Update

Synopsis:
This release adds and modifies rules in several categories.

Details:
The VRT has added and modified multiple rules in the blacklist,
browser-ie, browser-plugins, file-flash, file-office,
indicator-shellcode, malware-backdoor, malware-cnc, policy-other and
server-webapp rule sets to provide coverage for emerging threats from
these technologies.

For a complete list of new and modified rules...

Re: configuring rules Joel Esler (jesler) (Sep 02)
Yes.

http://manual.snort.org/node53.html

Re: configuring rules Sharif Uddin (Sep 02)
Is it possible to have multiple IP addresses instead of just networks in

ipvar HOME_NET

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: 02 September 2014 17:17
To: Sharif Uddin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] configuring rules

Dear Sharif,

Thanks for your email. I believe you will find what you are looking for here:
http://manual.snort.org/node31.html#SECTION00446000000000000000

Re: configuring rules Joel Esler (jesler) (Sep 02)
Dear Sharif,

Thanks for your email. I believe you will find what you are looking for here:
http://manual.snort.org/node31.html#SECTION00446000000000000000

Re: configuring rules Sharif Uddin (Sep 02)
How would I add classification, severity on custom alerts?

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: 02 September 2014 16:49
To: Sharif Uddin
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] configuring rules

It appears that all of your rules are bi-directional. "<>". Try making them single directional "->"

Re: configuring rules Joel Esler (jesler) (Sep 02)
It appears that all of your rules are bi-directional. “<>”. Try making them single directional “->”

configuring rules Sharif Uddin (Sep 02)
Hello

I need some help in writing some rules to test my network.

I have set up snort, barnyard2, snorby on centos 7

My home network is

ipvar HOME_NET...
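The three questions in this thread (listing individual hosts rather than whole networks in HOME_NET, making the test rules single-directional, and giving custom alerts a classification and severity) are all answered in one snort.conf / local.rules fragment. This is an added example written for this archive page, not configuration posted by anyone in the thread; the addresses, port list, rule messages, sid numbers and the "lab-test" class name are made up.

```snort
# --- snort.conf ---
# ipvar takes a comma-separated list in square brackets. Individual hosts
# and CIDR networks can be mixed, and a leading ! negates an entry.
ipvar HOME_NET [192.168.1.10,192.168.1.11,192.168.1.20,10.0.5.0/24]
ipvar EXTERNAL_NET !$HOME_NET
portvar ADMIN_PORTS [22,3389]

# classtype: names come from classification.config, which snort.conf
# includes. Each line is  config classification: name,description,priority
# (lower number = more severe). Built-in names include attempted-admin
# (priority 1) and policy-violation (priority 1). A custom class for the
# lab, added to classification.config (hypothetical name):
#   config classification: lab-test,Lab test traffic,3

# --- local.rules ---
# A bi-directional "<>" header matches the flow in either direction and
# cannot be pinned down with flow:to_server / flow:to_client. Write one
# rule per direction with "->" instead.
# weak:
#   alert tcp $EXTERNAL_NET any <> $HOME_NET $ADMIN_PORTS (msg:"admin port"; sid:1000001;)

# Inbound, single-directional, with a class and an explicit priority that
# overrides the class default. sid >= 1000000 is reserved for local rules;
# bump rev whenever the rule is edited so barnyard2/snorby can tell them apart.
alert tcp $EXTERNAL_NET any -> $HOME_NET $ADMIN_PORTS ( \
    msg:"LOCAL inbound connection to admin port on monitored host"; \
    flow:to_server,established; \
    classtype:attempted-admin; \
    priority:2; \
    sid:1000001; rev:2; )

# Outbound from a monitored host, using the custom class and its default
# priority of 3.
alert tcp $HOME_NET any -> $EXTERNAL_NET 4444 ( \
    msg:"LOCAL outbound connection to tcp/4444 from monitored host"; \
    flow:to_server; \
    classtype:lab-test; \
    sid:1000002; rev:1; )
```

Reload with `snort -T -c /etc/snort/snort.conf` first: a classtype that is not defined in classification.config, or a variable used before its ipvar line, is reported there as a fatal error rather than at run time.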

Re: Query on log_tcpdump Balasubramaniam Natarajan (Sep 02)
Thanks will look into it.

Re: Query on log_tcpdump Y M (Sep 02)
Check custom rule actions with "ruletype" keyword: http://manual.snort.org/node29.html. It does not necessarily align
with what you are asking, but may be a good start.
YM

From: bala150985 () gmail com
Date: Mon, 1 Sep 2014 12:50:25 +0530
To: snort-users () lists sourceforge net; snort-devel () lists sourceforge net
Subject: [Snort-users] Query on log_tcpdump

Hi

Would it be possible to write a rule on snort which will use...
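The "ruletype" suggestion in this thread lets a rule send its matching packets to a tcpdump-format file independently of the global output plugins. The fragment below is an added example for this archive page, not configuration from the thread or from the Snort project; the action names, pcap file names, ports and sid values are made up.

```snort
# snort.conf: custom rule actions must be defined before the rules files
# are included. Each ruletype names a base action (alert, log, pass, ...)
# and the output plugins that fire for rules using that action.

# Log-only action: matching packets go to suspicious.pcap in the log
# directory (-l or "config logdir:"). "type log" generates no alert, so
# these hits do not reach unified2 / barnyard2 / snorby.
ruletype pcapdump
{
    type log
    output log_tcpdump: suspicious.pcap
}

# Alert-and-capture action: alert to syslog and keep the packet in its own
# pcap, separate from whatever the global log_tcpdump/unified2 outputs do.
ruletype alert_and_pcap
{
    type alert
    output alert_syslog: LOG_AUTH LOG_ALERT
    output log_tcpdump: alerted.pcap
}

# local.rules: use the new action names in place of alert / log.
pcapdump tcp $EXTERNAL_NET any -> $HOME_NET 23 ( \
    msg:"LOCAL telnet to monitored host (pcap only)"; \
    flow:to_server,established; \
    sid:1000010; rev:1; )

alert_and_pcap tcp $HOME_NET any -> $EXTERNAL_NET 6667 ( \
    msg:"LOCAL IRC connection from monitored host"; \
    flow:to_server; classtype:policy-violation; \
    sid:1000011; rev:1; )
```

Only the packet that triggered the rule is written, not the whole session; if the goal is full-stream capture on a hit, the pcap has to be joined with a separate capture or with the stream preprocessor's logging, which a ruletype alone does not provide.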

Re: Facing problem using AFPACKET Anshuman Anil Deshmukh (Sep 02)
Hi James,

My config detection is the same as yours.

config detection: search-method ac-split search-optimize max-pattern-len 20

Regards,
Anshuman

From: James Lay [mailto:jlay () slave-tothe-box net]
Sent: Tuesday, September 2, 2014 12:17 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Facing problem using AFPACKET

Hi,

We are trying to setup Snort inline with AFPACKET but we see very high latency say around 1500 to 2000 ms...

Re: Query on log_tcpdump waldo kitty (Sep 02)
I'm not aware of /snort/ being able to do this but external tools might be able
to... consider that some of them can send alerts to one's portable device when
certain alerts are emitted...

Re: Facing problem using AFPACKET Y M (Sep 01)
From: anshuman () cybage com
To: snort-users () lists sourceforge net
Date: Mon, 1 Sep 2014 17:56:53 +0000
Subject: [Snort-users] Facing problem using AFPACKET

Hi,

We are trying to setup Snort inline with AFPACKET but we see very high latency say around 1500 to 2000 ms while doing
so. We tried running Snort with different options but getting same result for all of them.

Options tried:
a.
Disabling all the rules (text based rules and...

Re: Facing problem using AFPACKET James Lay (Sep 01)
What's your config detection look like? Mine below:

config detection: search-method ac-split search-optimize max-pattern-len 20

Check out:

http://manual.snort.org/node16.html#SECTION00313000000000000000

For other search-methods.

James

...

Facing problem using AFPACKET Anshuman Anil Deshmukh (Sep 01)
Hi,

We are trying to setup Snort inline with AFPACKET but we see very high latency say around 1500 to 2000 ms while doing
so. We tried running Snort with different options but getting same result for all of them.

Options tried:

a. Disabling all the rules (text based rules and so rules) with normalization enabled

b. Disabling all the rules (text based rules and so rules) with normalization enabled disabling the decoder and...
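The thread has not reached a cause for the 1500 to 2000 ms figure, so the fragment below does not claim to fix it; it shows the AF_PACKET inline settings and the pattern-matcher options that the replies are comparing, plus the profiling preprocessor that tells you whether the time goes to the decoder, a preprocessor or rule evaluation. It is an added example for this archive page, not the poster's configuration; the interface pair, ring-buffer size, log path and file names are assumptions.

```snort
# snort.conf: inline bridge between eth1 and eth2 using the afpacket DAQ.
# Command-line equivalent:  snort -Q --daq afpacket -i eth1:eth2 -c snort.conf
config daq: afpacket
config daq_mode: inline
config daq_dir: /usr/lib/daq
# AF_PACKET ring buffer in MB (assumed value; the DAQ default is 128).
# Too small a ring drops packets under load; it does not by itself add latency.
config daq_var: buffer_size_mb=512
# Tell the engine it is in an IPS position so drop/normalize actually apply.
config policy_mode: inline

# Pattern matcher (what both posters are running):
config detection: search-method ac-split search-optimize max-pattern-len 20
# Alternatives to measure against, one at a time:
#   ac-bnfa  - Aho-Corasick NFA, lowest memory, good speed
#   ac       - full Aho-Corasick, highest memory, fastest matching
# config detection: search-method ac-bnfa search-optimize max-pattern-len 20
# config detection: search-method ac search-optimize max-pattern-len 20

# Where does the time go? perfmonitor writes per-interval packet, drop and
# preprocessor statistics; the rule/preproc profilers need a build with
# --enable-perfprofiling and print the slowest entries at exit.
preprocessor perfmonitor: time 60 file /var/log/snort/perfmon.log pktcnt 1000
config profile_preprocs: print 10, sort total_ticks
config profile_rules: print 20, sort avg_ticks

# Normalization is what makes inline mode rewrite packets; leave these
# commented while isolating decoder/preprocessor cost, then re-enable.
# preprocessor normalize_ip4
# preprocessor normalize_tcp: ips ecn stream
```

Run the same traffic through `snort -Q --daq afpacket -i eth1:eth2 -c snort.conf` with rules disabled and then enabled; if perfmon shows low drop counts and the profilers attribute little time to rules, the latency is not in detection and the place to look is the kernel side of the bridge (interface offloads, queue lengths, whether the host is also routing the traffic).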

More Lists

Dozens of other network security lists are archived at SecLists.Org.

