Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Obfuscation of binary logs

From: Alberto Gonzalez <ag-snort () cerebro violating us>
Date: Fri, 15 Nov 2002 12:32:49 -0800
You just have to run the binary log back through snort.

Taken from http://www.snort.org/docs/writing_rules/chap1.html#tth_sEc1.5:

/usr/local/bin/snort -d -v -r snort.log -O -h 192.168.1.0/24

Urgh, Erek isn't it too early for drinking!?!?

   - Albert

Grime, Richard S wrote:


Hi,
I note from the man page that -O and -h can be used to obfuscate the home IP address in ASCII packet dump mode - how (can?) this functionality be used for binary logs? Thanks, Richard 


--
The secret to success is to start from scratch and keep on scratching.




-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: