[Snort-users] Re: [snort] SEGV in snort 1.6.2.2

Sys Admin sysadmin at ...16...
Wed Jul 19 03:03:04 EDT 2000


At 16:45 19/07/2000, you wrote:
>It looks like the rule parser is choking on something.  Did you define your
>$HOME_NET variable?  What rules are you running?

preprocessor http_decode: 80 443 8080
preprocessor minfrag: 128
preprocessor portscan: 129.78.154.1/32 3 5 /var/log/snort/portscan.log
#                      ^^^^^^^^^^^    ^ ^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^
#                               |     | |              |
#Your IP address or Network here+     | |              |
#                                     | |              |
#Ammount of ports being connected-----+ |              |
#   in this                             |              |
#Interval (in seconds)------------------+              |
#                                                      |
#Log file (path/name)----------------------------------+

preprocessor portscan-ignorehosts:
# Hosts to ignore in portscan detection

#---------------------------------------------
# CHANGE THE NEXT LINE TO REFLECT YOUR NETWORK
# (Single system = your ip/32)
var HOME_NET 129.78.154.1/32
#---------------------------------------------


The rules are the default ones which came with snort.
-------------------- )O( ---------------------
Jason     Oakley  Computer   Systems   Officer
Pharmacy Faculty  University     of     Sydney
Phone  9351 5647  http://www.pharm.usyd.edu.au

Split a piece of wood and you will find me
Lift a rock and I am there.





More information about the Snort-users mailing list