[Snort-users] ACID and snort

F.M. Taylor root at ...28...
Thu Oct 12 17:49:19 EDT 2000


The smae thing happens to me using Lynx, but when I switch to netscape it
works fine, YMMV.


On Thu, 12 Oct 2000, Ron 'The InSaNe One' Rosson wrote:

> Using acid at home on my home network and just found some time to really
> see what I have.. When poking around I found when I click on alert
> listing and click on one of the signatures in the listing I get:
> 
> No Packets were found matching the specified criteria. 0 Rows returned.
> 
> Am I missing something.. Here is my config:
> 
> # This is the all encompassing rule set for snort.
> # Created 07/01/2000
> # Revision 1.1
> 
> var INTERNAL xxx.xxx.xx3.224/28
> var EXTERNAL !xxx.xxx.xx3.224/28
> var HOME_NET xxx.xxx.xx3.224/28
> 
> preprocessor http_decode: 80 443 8080
> preprocessor minfrag: 128
> preprocessor portscan: $INTERNAL 3 5 /var/log/snort/portscan
> preprocessor portscan-ignorehosts: $INTERNAL xxx.xxx.xxx.10 xxx.xxx.xxx.20
> output log_database: mysql, dbname=snort user=snort host=localhost
> 
> 
> Since this is a small network and it is MY network I am wondering if I
> am missing anything that I could have snort doing.. This is a learn in
> progress thing for me to see what it does and what stupid things people
> will try on my small network. I am running Version 1.7-beta0. Here is
> the command line I use for my installation of snort.
> 
> /usr/local/bin/snort -D -s -d -c /etc/snort.rules
> 
> 
> TIA
> -- 
> ------------------------------------------------------------------------------
> Ron Rosson          			      ... and a UNIX user said ...
> The InSaNe One                 			      rm -rf *
> insane at ...322...     	            and all was /dev/null and *void()
> ------------------------------------------------------------------------------
> I've learned that no matter how much I care, some people are just assholes.
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users
> 

---
Mike Taylor
Coordinator of Systems Administration and Network Security
Indiana State University.               Rankin Hall Rm 039
210 N 7th St.                           Terre Haute, IN.
Voice: 812-237-8843                                  47809
---
"You have zero privacy anyway.  Get over it."
           --Scott McNealy, Sun MicroSystems. 




More information about the Snort-users mailing list