[Snort-sigs] hi

Chris Baker extremis at ...862...
Wed May 21 07:06:12 EDT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hrm, I think you mean 'typos.'

On Wed, May 21, 2003 at 11:44:40AM +0200, pix wrote:
> From: pix <pix at ...1529...>
> To: snort-sigs at lists.sourceforge.net
> Subject: [Snort-sigs] hi
> Date: Wed, 21 May 2003 11:44:40 +0200
> X-Spam-Status: No, hits=-0.9 required=5.0
> 	tests=KNOWN_MAILING_LIST,SPAM_PHRASE_01_02,USER_AGENT,
> 	      USER_AGENT_MOZILLA_UA,X_ACCEPT_LANG
> 	version=2.43
> 
> just installed snort-1.9.1-1snort.i386.rpm
> 
> have found a couple of typpo in the snort.conf text file; if you take 
> also care of that here there are :
> 
> 
> 
> # arpspoof
> #----------------------------------------
> # Experimental ARP detection code from Jeff Nathan, detects ARP attacks,
> # unicast ARP requests, and specific ARP mapping monitoring.  To make use
> # of this preprocessor you must specify the IP and hardware address of 
> hosts on *(cr-lf needed)* # the same layer 2 segment as you.  Specify 
> one host IP MAC combo per line.
> # Also takes a "-unicast" option to turn on unicast ARP request detection.
> # Arpspoof uses Generator ID 112 and uses the following SIDS for that GID:
> #  SID     Event description
> # -----   -------------------           
> #   1       Unicast ARP request
> #   2       Etherframe ARP mismatch (src)
> #   3       Etherframe ARP mismatch (dst)
> #   4       ARP cache overwrite attack
> 
> #preprocessor arpspoof
> #preprocessor arpspoof_detect_host: 192.168.40.1 f0:0f:00:f0:0f:00
> 
> 
> 
> # Conversation
> #------------------------------------------
> # This preprocessor tracks conversations for tcp, udp and icmp traffic.  It
> # is a prerequisite for running portscan2.
> #
> # allowed_ip_protcols 1 6 17
> #      list of allowed ip protcols ( defaults to *any *)
> #
> # timeout [num]
> #      conversation timeout ( defaults to 60 )
> #
> #
> # max_conversations [num]
> #      number of conversations to support at once (defaults to 65335)
> #
> #
> # alert_odd_protocols
> #      alert on protocols not listed in allowed_ip_protocols
> 
> preprocessor conversation: allowed_ip_protocols *all,* timeout 60, 
> max_conversations 32000
> 
> 
> 
> 
> regards
> 
> 
> pix
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: ObjectStore.
> If flattening out C++ or Java code to make your application fit in a
> relational database is painful, don't do it! Check out ObjectStore.
> Now part of Progress Software. http://www.objectstore.net/sourceforge
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-sigs
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (SunOS)

iD8DBQE+y4Toq4kCqmVQQvgRAhQdAJ0XuPUfLacF9nfh4VvmGLJXf1IBjACZASTW
iYSA6MjrXjyNQ8mc6Hz/GsI=
=b3P3
-----END PGP SIGNATURE-----




More information about the Snort-sigs mailing list