[Snort-devel] Latest CVS broken?

A.L.Lambert max at ...425...
Tue May 15 19:45:57 EDT 2001


	Since rumor has it we're getting close to a new release, I
thought I'd grab the latest CVS and see what it could do... 

	Is it just me, or is the latest CVS version of snort broken
(downloaded about 4 hours ago)?  With the following config (cut down to
barebones from the original I wanted to start with):

---
var HOME_NET x.x.x.x/24
var EXTERNAL !$HOME_NET
var INTERNAL $HOME_NET
var EXTERNAL_NET !$HOME_NET
var SMTP $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET

# classifications of attack types
include /etc/snort/class.config

# Vision18.rules from www.whitehats.com (for nids 1.8)
include /etc/snort/vision18.rules
---

And command line:

snort -c /etc/snort/snort.conf

	I can nmap, hping, and run various exploit code all day long, and
never get a single alert...

	Am I doing something wrong?

-- A.L.Lambert
------------------------------------------------------------------------
The problems that exist in the world today cannot be solved by the level
of thinking that created them...
	-Einstein
------------------------------------------------------------------------




