Home page logo
/

snort logo Snort mailing list archives

Re: 0 byte unifed log output
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 29 Apr 2013 11:10:50 -0400

On Apr 25, 2013, at 7:37 AM, John Ainsworth <john.ainsworth () thebookpeople co uk> wrote:

Hi
 
Im sure it is something to do with rules, I turned on fastalert and tailed the fastalert file over night and did 
finally get some data but the only alert raised was the one below, repeated lots of times
 
04/25-09:22:35.816992  [**] [1:24814:2] SNMP Samsung printer default community s
tring [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1
] {UDP}
 
I cant believe that is the only attack we would see, we are ecommerce and app logs are full of people probing to see 
what they can/cant get into, I have downloaded the lastest rule set and updated as directed but can only detect a 
SNMP probe.

Has anyone suggested adding "-k none" to your command line in this thread yet?

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]