FW: Snort 1.6 and nmap 2.54beta1

[brian.d.mila () lmco com (Mila, Brian D)]

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
so it looks like I similarly alarmed people by forwarding the first message
prematurely.  Oh well,
never hurts to upgrade ;)

brian

> -----Original Message-----
> From: Galileo [SMTP:galileo () MAILANDNEWS COM]
> Sent: Sunday, May 14, 2000 9:03 PM
> To:   BUGTRAQ () SECURITYFOCUS COM
> Subject:      Re: Snort 1.6 and nmap 2.54beta1
>
> > What parameters had you given snort?
>
> -vl /temp/snort or just -l /temp/snort
>
> > What ruleset are you using? (could be triggered by preprocessor)
>
> no rulset.If used with ruleset snort works fine.
>
> snort -vc snort-lib ( or 06082k.rules ) -l /temp/snort   and everything is
> okay.
> I'm sorry abouth this it loks like I alarmed a lot of people without a
> reason since very few people use snort withouth a ruleset.
> When I found this I was playing with snort for the first time.
> It looks like  when a ruleset is applied all errors disapear.
> for example -vdC after a couple of minutes gives a "garbled" screen and
> you
> have to logout to restore the screen or
> -vd gives this kind of error : "Got NULL ptr in PrintNetData" but still
> continues to work.
> But when a ruleset is applied no errors apear.
>
> > What is your network topology?
>
> I don't realy have a network :) .One machine with a vmware virtual machine
> on top of it and virtual network betwen them.