[Snort-devel] Latest CVS broken?

rottz at ...403... rottz at ...403...
Tue May 15 20:35:41 EDT 2001


Adam,

Try
snort -d -c /etc/snort/snort.conf
Otherwise it doesn't dump the application layer. I also use -D -A full
-u snort, FYI.
Even though my snort CVS is from May 12th, I'll download the latest and see
if there is any difference.

Peter
rottz at securityflaw dot com

>"A.L.Lambert" wrote:
> 
>         Since rumor has it we're getting close to a new release, I
> thought I'd grab the latest CVS and see what it could do...
> 
>         Is it just me, or is the latest CVS version of snort broken
> (downloaded about 4 hours ago)?  With the following config (cut down to
> barebones from the original I wanted to start with):
> 
> ---
> var HOME_NET x.x.x.x/24
> var EXTERNAL !$HOME_NET
> var INTERNAL $HOME_NET
> var EXTERNAL_NET !$HOME_NET
> var SMTP $HOME_NET
> var HTTP_SERVERS $HOME_NET
> var SQL_SERVERS $HOME_NET
> var DNS_SERVERS $HOME_NET
> 
> # classifications of attack types
> include /etc/snort/class.config
> 
> # Vision18.rules from www.whitehats.com (for nids 1.8)
> include /etc/snort/vision18.rules
> ---
> 
> And command line:
> 
> snort -c /etc/snort/snort.conf
> 
>         I can nmap, hping, and run various exploit code all day long, and
> never get a single alert...
> 
>         Am I doing something wrong?
> 
> -- A.L.Lambert
> ------------------------------------------------------------------------
> The problems that exist in the world today cannot be solved by the level
> of thinking that created them...
>         -Einstein
> ------------------------------------------------------------------------
> 



