Snort mailing list archives

Re: Problems with Policy-Based Rules file


From: "Alex Butcher, ISC/ISYS" <Alex.Butcher () bristol ac uk>
Date: Thu, 04 Nov 2004 09:02:08 +0000



--On 03 November 2004 14:16 -0500 "Kaplan, Andrew H." <AHKAPLAN () PARTNERS ORG> wrote:

1. Two servers with the addresses of 192.168.2.2 and 192.168.2.3 are
sending requests via port 1985 to the 226.0.0.2:1985 multicast address
via UDP. I added a section to the file that calls for a pass of said
traffic from both servers via TCP and UDP. Even though I added it to the
file, I am still getting a large amount of alerts from both machines.

[snip]

The version of Snort that is being run is version 2.1.3, and the syntax
used to run the program is /usr/sbin/snort -o -u snort -g snort -d -D -c
/etc/snort/snort.conf -i eth0

That would appear to indicate that the '-o' ("pass first") option isn't working. Use ps to verify that Snort is *really* running with the -o option.

Best Regards,
Alex.
--
Alex Butcher: Security & Integrity, Personal Computer Systems Group
Information Systems and Computing             GPG Key ID: F9B27DC9
GPG Fingerprint: D62A DD83 A0B8 D174 49C4 2849 832D 6C72 F9B2 7DC9
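
Added example, not part of the original message: one way to carry out the `ps` check suggested in the reply, parsing each running Snort's argument list so that `-o` is recognised when clustered with other flags and is not confused with an option's value. The function names and the `ARG_OPTS` list are assumptions of this example; only the options on the quoted command line are treated as taking a value.

```shell
# Options that consume a value. Assumption: only those on the command line
# quoted in the thread are listed; extend it for other options you use.
ARG_OPTS="ugci"

# has_pass_first "<command line>": returns 0 if -o is among the parsed flags,
# alone or clustered (e.g. -dDo), and 1 otherwise.
has_pass_first() {
    set -f                      # no globbing while splitting the line
    set -- $1
    set +f
    [ $# -gt 0 ] || return 1
    shift                       # drop the program name
    while [ $# -gt 0 ]; do
        word=$1; shift
        case $word in
            --*) continue ;;    # long options are not short-flag clusters
            -?*) flags=${word#-} ;;
            *)   continue ;;
        esac
        while [ -n "$flags" ]; do
            f=${flags%"${flags#?}"}     # first character of the cluster
            flags=${flags#?}
            [ "$f" = o ] && return 0
            case $ARG_OPTS in
                *"$f"*)
                    # the value is the rest of the cluster, else the next word
                    [ -z "$flags" ] && [ $# -gt 0 ] && shift
                    flags= ;;
            esac
        done
    done
    return 1
}

# check_running_snort: apply the test to every process whose program is snort.
check_running_snort() {
    ps -e -o pid= -o args= | while read -r pid args; do
        case ${args%% *} in
            snort|*/snort) ;;
            *) continue ;;
        esac
        if has_pass_first "$args"; then
            echo "pid $pid: -o present"
        else
            echo "pid $pid: -o MISSING: $args"
        fi
    done
}
```

Call `check_running_snort` on the sensor to list each Snort process with the result.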



