[Snort-users] Latest CVS -- near total silence

Martin Roesch roesch at ...421...
Fri Apr 6 23:31:39 EDT 2001


Nope, maybe the hackers have decided to leave you alone for a while...
:)

     -Marty

"Scott A. McIntyre" wrote:
> 
> The latest CVS, Build 9, is nearly completely silent on alerts for me
> using what was a standard ruleset (from the web site, with some local
> modifications).
> 
> I'm getting only one or two alerts being made, such as rpc.statd
> queries, which indeed are happening, but lots of other things are
> happening as well (independently verified / tested), but snort is
> essentially ignoring them.
> 
> snort -t /log/snort -i de0 -A full -o -b -c snort.conf -l log/output/
> 
> Is one way I invoke snort, and nothing has changed rule wise...
> 
> No errors are reported in the output.
> 
> I know that the latest build became more strict about rule parsing, thus
> the errors that I found with comma separated lists of port numbers
> earlier, but has something else fundamentally changed that could cause
> near total silence?
> 



