[Snort-sigs] Rules question

Joel Esler (jesler) jesler at ...3865...
Sun Dec 4 19:01:14 EST 2016


-r on the command line of Snort will read in a pcap file.

--
Sent from my iPhone

On Dec 4, 2016, at 6:51 PM, neil ramsarran <neilramsarran at ...12...> wrote:


Has anyone figured out how to run the win practice file on Snort? I'm having difficulty with Windows 10 and am looking for some guidance on this assignment.


Thanks

Neil


________________________________
From: lists at ...3397...
Sent: Thursday, December 1, 2016 9:06 PM
To: snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] Rules question

On 12/01/16 20:03, lists at ...3397... wrote:
> On 12/01/16 19:43, neil ramsarran wrote:
>> I'm having the same problem, I cannot seem to get the assignment done with
>> running winpractice txt file on the snort. Any help will be highly appreciated.
> I'm dealing with this as well, if you look on page #203 there is a diagram that
> shows how to correctly implement it.  So in paragraph 3, sentence 5, on page
> #215 it demonstrates this a bit BUT I would assert the problem is running into
> RFC 1918.  If you look down, Diagram #6, they've scoped HOME_NET and
> EXTERNAL_NET on the same /16 and defined it as that.  *clears throat while
> drawing on the chalkboard* as we all know *puts monocle on* 192.168.1.5 and
> 192.168.10.2 sit on that same broadcast domain so it's probably not crossing a
> Layer 3 boundary and capturing on the local interface doesn't show IDS
> traversal.  This seems to be a book editing issue.
>

Sorry for the back to back post, if you guys want to meet up tomorrow around
09:00 I'll be in front of the library.  I'm the guy wearing a backpack with a
textbook



_______________________________________________
Snort-sigs mailing list
Snort-sigs at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!