Snort mailing list archives

Re: Trouble in triggering the snort rule to detect FTP Brute Force attack

From: "evilghost () packetmail net" <evilghost () packetmail net>
Date: Mon, 12 Apr 2010 09:18:51 -0500

Nothing in what Manju said could I even loosely interpret as a homework 
question.  I'm not going to take this thread off-topic but Nigel's 
response was unprofessional, unwarranted, and certainly not something I 
would construe as being in alignment with the rationale behind the 
snort-sigs discussion list to begin with.

It seems to me that Manju asked a legitimate question and was getting 
some good help then Nigel came in and adding nothing but accusations.  I 
guess he had a bad weekend and felt the need to lash out.  Perhaps he 
couldn't source an iPad after long hours of camping out.

-evilghost

Joel Esler wrote:

On Apr 12, 2010, at 9:54 AM, "evilghost () packetmail net" <evilghost () packetmail net> wrote:

This looks suspiciously like a question from a student on a course
that includes Snort in it. i.e. A contrived situation.

The answers you seek are in the snort manual, the README files and the
many other sources of information on the Internet.

Manjushree just try not to put too much faith in the manual since it 
seems like it was a task assigned to a student in a course that includes 
Snort and the student was ESL.


Evilghost, we get the same series of questions every year, and the professors of these classes appreciate it when we 
don't specifically provide the answer.

As for the manual, we are going to be taking a look at that in the upcoming timeframe and really trying to make it as 
best as we can, until then, please continue to provide the little things like colons and spaces in the wrong places. 
That helps. 

J


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Current thread:

Trouble in triggering the snort rule to detect FTP Brute Force attack manjushree ks (Apr 12)
- Re: Trouble in triggering the snort rule to detect FTP Brute Force attack Eoin Miller (Apr 12)
  - Re: Trouble in triggering the snort rule to detect FTP Brute Force attack Nigel Houghton (Apr 12)
    - Re: Trouble in triggering the snort rule to detect FTP Brute Force attack evilghost () packetmail net (Apr 12)
    - Re: Trouble in triggering the snort rule to detect FTP Brute Force attack Joel Esler (Apr 12)
    - Re: Trouble in triggering the snort rule to detect FTP Brute Force attack evilghost () packetmail net (Apr 12)
    - Re: Trouble in triggering the snort rule to detect FTP Brute Force attack CunningPike (Apr 12)
    - Re: Trouble in triggering the snort rule to detect FTP Brute Force attack evilghost () packetmail net (Apr 12)
- Re: Trouble in triggering the snort rule to detect FTP Brute Force attack L0rd Ch0de1m0rt (Apr 12)
- Re: Trouble in triggering the snort rule to detect FTP Brute Force attack Joel Esler (Apr 12)