Home page logo

snort logo Snort mailing list archives

@snort alert
From: anagha b <banagha3 () gmail com>
Date: Thu, 28 Nov 2013 13:14:05 +0530


I have tried udp fllod using hping on snort .

hping3 --rand-source --udp <victim ip>

I havenot specified any rule just stated snort.

Barnyard giving follwing o/p

Opened spool file '/var/log/snort/snort.u2.1385615747'
11/28-10:52:59.013928  [**] [1:1000002:0] Snort Alert [1:1000002:0] [**]
[Classification ID: 0] [Priority ID: 0] {TCP} ->
INFO: Current event with event_id [1] Event Second:Microsecond
[1385616179:13928] and signature id of [1000002] was logged with a revision
of [0]
      Make sure you verify your triggering  rule body so it include the
snort keyword "rev:xxx;" Where xxx is greater than 0
The event has not been logged to the database<<<<<<

I have to specify my rule for detection ? Snort must have signature to
detecet this then why this kind of o/p?

Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]