[Snort-users] ACID and snort

Ron 'The InSaNe One' Rosson insane at ...321...
Thu Oct 12 15:29:48 EDT 2000


I am using ACID at home on my home network and just found some time to really
see what I have. When poking around I found that when I click on alert
listing and click on one of the signatures in the listing I get:

No Packets were found matching the specified criteria. 0 Rows returned.

Am I missing something? Here is my config:

# This is the all encompassing rule set for snort.
# Created 07/01/2000
# Revision 1.1

var INTERNAL xxx.xxx.xx3.224/28
var EXTERNAL !xxx.xxx.xx3.224/28
var HOME_NET xxx.xxx.xx3.224/28

preprocessor http_decode: 80 443 8080
preprocessor minfrag: 128
preprocessor portscan: $INTERNAL 3 5 /var/log/snort/portscan
preprocessor portscan-ignorehosts: $INTERNAL xxx.xxx.xxx.10 xxx.xxx.xxx.20
output log_database: mysql, dbname=snort user=snort host=localhost


Since this is a small network and it is MY network I am wondering if I
am missing anything that I could have snort doing. This is a learn in
progress thing for me to see what it does and what stupid things people
will try on my small network. I am running Version 1.7-beta0. Here is
the command line I use for my installation of snort.

/usr/local/bin/snort -D -s -d -c /etc/snort.rules


TIA
-- 
------------------------------------------------------------------------------
Ron Rosson          			      ... and a UNIX user said ...
The InSaNe One                 			      rm -rf *
insane at ...322...     	            and all was /dev/null and *void()
------------------------------------------------------------------------------
I've learned that no matter how much I care, some people are just assholes.


