Home page logo
/

snort logo Snort mailing list archives

@snort alert
From: anagha b <banagha3 () gmail com>
Date: Thu, 28 Nov 2013 13:14:05 +0530

Hi

I have tried udp fllod using hping on snort .

hping3 --rand-source --udp <victim ip>


I havenot specified any rule just stated snort.

Barnyard giving follwing o/p

Opened spool file '/var/log/snort/snort.u2.1385615747'
11/28-10:52:59.013928  [**] [1:1000002:0] Snort Alert [1:1000002:0] [**]
[Classification ID: 0] [Priority ID: 0] {TCP} 192.168.111.80:49554 ->
victimip:2987
INFO: Current event with event_id [1] Event Second:Microsecond
[1385616179:13928] and signature id of [1000002] was logged with a revision
of [0]
      Make sure you verify your triggering  rule body so it include the
snort keyword "rev:xxx;" Where xxx is greater than 0
The event has not been logged to the database<<<<<<


I have to specify my rule for detection ? Snort must have signature to
detecet this then why this kind of o/p?

Help.
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]