[Snort-devel] [patch] Typos in FAQ.txt

Nicolas Kaiser nikai at ...2723...
Wed Feb 9 06:26:36 EST 2005


Hi there,

I spotted some typos in your Snort FAQ. Patch below. I guess I'm
a bit anal with m(illi) and M(ega) :)
Well, I hope the rest is alright.

Cheers,
n.


--- FAQ.txt.orig	2005-02-07 23:53:45.475271784 +0100
+++ FAQ.txt	2005-02-08 00:45:53.152792528 +0100
@@ -289,7 +289,7 @@
 1.6 Does Snort perform TCP stream reassembly?
 
 Yes, check out the stream4 preprocessor (see FAQ 3.17) that does stateful
-analysis session loggin, tcp reassembly and much much more.
+analysis session logging, tcp reassembly and much much more.
 
 1.7 Does Snort perform stateful protocol analysis?
 
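Review bot: the corrected line still reads "stateful analysis session logging" with no comma, so it is unclear whether these are one feature or two, and "tcp" is lower-case while the 1.6 heading writes "TCP". If two features are meant, suggest "analysis, session logging, TCP reassembly" while the line is being touched.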
@@ -634,7 +634,7 @@
 
 That depends. Lower the number of rules is a standard performance increase.
 Disable rules that you don't need or care about. There have been many
-discussions on 'tweaking performance' with lots of 'I handle XX mb with a ___
+discussions on 'tweaking performance' with lots of 'I handle XX Mb with a ___
 machine setup.' being said. Look at some of the discussions on the snort-users
 mailing lists.
 
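Review bot: "XX Mb" on the changed line names a quantity, but the sentence is about the traffic rate a machine handles; "Mbps" or "Mbit/s" would say that and would also settle megabit versus megabyte. The first context line, "Lower the number of rules is a standard performance increase", also wants "Lowering".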
@@ -663,7 +663,7 @@
 
 As for OS selection, use what you like. When we implement Data Acquisition
 Plugin's in Snort 2.0 this may become more of a factor, but for now I'm hearing
-about a lot of people seeing alot of success using Snort on Solaris, Linux,
+about a lot of people seeing a lot of success using Snort on Solaris, Linux,
 *BSD and Windows 2000. Personally, I develop Snort on FreeBSD and Sourcefire
 uses OpenBSD for our sensor appliance OS, but I've been hearing some good
 things about the RedHat Turbo Packet interface (which would require mods for
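Review bot: the context line directly above the change, "Plugin's in Snort 2.0", carries a stray apostrophe where the plural "Plugins" is meant; worth fixing in the same pass.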
@@ -807,7 +807,7 @@
 it sent them out, the MAC table gets confused and after a short while devices
 start to drop off the switch. Works like a charm on a hub though.
 
-Another method which uses a capacitor and should work on 100mbs links:
+Another method which uses a capacitor and should work on 100Mbs links:
 
     http://www.geocities.com/samngms/sniffing_cable
 
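Review bot: "100Mbs" on the changed line fixes the prefix, but "Mbs" is still not a unit; for a link speed write "100Mbps" or "100 Mbit/s".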
@@ -1363,7 +1363,7 @@
 
     #
 
-    # Das Skript zum Herunterladen und installieren neuer IDS-Signaturen.
+    # Das Skript zum Herunterladen und Installieren neuer IDS-Signaturen.
 
     #
 
@@ -1428,7 +1428,7 @@
 
     MD5SUM_PARAMS=""
 
-    # The list of sensor interfacec divided by blanks
+    # The list of sensor interfaces divided by blanks
 
     IFACES="eth0"
 
@@ -1530,7 +1530,7 @@
     ####
 
     #
-       Die Funktion zum ueberpruefen, ob und wie Snort auf dem System laeuft     
+       Die Funktion zum Ueberpruefen, ob und wie Snort auf dem System laeuft     
     #
 
     ###########################################################################
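Review bot: the changed line has no leading "#" (the "#" sits alone on the line above) and keeps its trailing whitespace. This is a comment inside a shell script, so a reader copying it from the FAQ gets a line that runs as a command instead of a comment; suggest rejoining it onto the "#" line and trimming the trailing spaces.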
@@ -1570,7 +1570,7 @@
 
              "$ECHO" "More Snort instances than found PID files..."
 
-             "$ECHO" "Something is wrong outthere..."
+             "$ECHO" "Something is wrong out there..."
 
              "$ECHO" "Stopping all Snort processes..."
 
@@ -1862,7 +1862,7 @@
 
 Add the syslog switch, -s, and put this statement syslog.conf
 
-    auth.alert         @managmentserverIP
+    auth.alert         @managementserverIP
 
 Look at your snort.conf file for more info on the facility and Priority
 settings.
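Review bot: the context line "put this statement syslog.conf" is missing "in", and "facility and Priority" below the change mixes capitalisation. Since "@managementserverIP" is a placeholder the reader must replace, the surrounding text could say so explicitly.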
@@ -2149,7 +2149,7 @@
 an alert is triggered by a rule (signature). Therefore, since alerts generated
 by pre-preprocessors such as portscan and mini-fragment have no corresponding
 rules, no packet information is logged beyond an entry indicating their
-occupance. As a consequence, ACID cannot display any packet-level (e.g. IP
+occupancy. As a consequence, ACID cannot display any packet-level (e.g. IP
 address) information for these alerts. For these particular alerts, certain
 statistics may show zero unique IP addresses, list the IP address as 'unknown',
 and will not list any packet information when decoding the alert.
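Review bot: "occupancy" on the changed line is the wrong word; the sentence says that only an entry indicating the alert happened is logged, so it should read "occurrence". The context line "pre-preprocessors such as portscan" also looks like a typo for "preprocessors".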
@@ -2534,7 +2534,7 @@
 about being DoSed when they are spoofed - usually inconveniently like that
 first time you actually manage to get on vacation.... (i.e. imagine "Crisis:
 the CEO can't reach his favorite redlite.org game.... you have to fly back from
-the Carribean asap....")
+the Caribbean asap....")
 
 5.7 What is the best way to use snort to block attack traffic?
 
@@ -2800,7 +2800,7 @@
 
     # 
 
-    # Logfile rotation script for snort writen by jameso at ...2724...
+    # Logfile rotation script for snort written by jameso at ...2724...
 
     # 
 
@@ -2812,7 +2812,7 @@
 
     # keep compressed tgz files of all the logs. It is made to be run
 
-    # at midnight everynight. This script expects you to have a base
+    # at midnight every night. This script expects you to have a base
 
     # dir that you keep all of your logs, rule sets etc in. You can 
 
@@ -2836,7 +2836,7 @@
 
     # week old. Then compress out todays logs and archive them away, and
 
-    # end up by mailling out the logs to you.
+    # end up by mailing out the logs to you.
 
     #
 
@@ -2868,7 +2868,7 @@
     # When I first wrote this script, I only ran it on BSD systems. That was a
 
     #
-     mistake, as BSD systems have a date command that apperently lets you walk the
+     mistake, as BSD systems have a date command that apparently lets you walk the
 
     #
      date back pretty easily. Well, some systems don't have this feature, so I had
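Review bot: the changed line starts without "#", with the "#" alone on the line above, and the same holds for the "date back pretty easily" context line. Copied into a script, these comment lines would execute as commands; suggest rejoining each onto its "#" line rather than only fixing the spelling.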
@@ -2928,7 +2928,7 @@
 
     # Move the log files into todays log dir. This is done with
 
-    # a for loop right now, because I am afriad that if alot is
+    # a for loop right now, because I am afraid that if a lot is
 
     # logged there may be to many items to move with a "mv *"
 
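Review bot: the context line after the change still reads "there may be to many items" (should be "too many"), and "todays log dir" above it lacks the apostrophe; both sit in the same comment block being corrected.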
@@ -3496,7 +3496,7 @@
 rules file: /root/.snortrc or /root//root/.snortrc". What can I do to fix this?
 
 When Snort starts it looks at the command line and checks for "-c /some/path/
-snort.conf". If thats not there, then it will look for the one of the following
+snort.conf". If that's not there, then it will look for the one of the following
 files:
 
   * /etc/snort.conf
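Review bot: the changed line still ends "it will look for the one of the following"; drop the extra "the" so it reads "look for one of the following files".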



