[Snort-users] Snort, php, MySQL and acid showing no activity

Jim Burwell jimb at ...6373...
Fri Aug 23 13:31:02 EDT 2002


My quick and dirty 'trip an alert' is:
    telnet <web server> 80  
    GET /bin/ps

Instant alert.

- Jim


Demetri Mouratis wrote:

>Nmap is easier and faster in that it doesn't require client/server
>setup:
>
>http://www.insecure.org
>
>HTH
>On Fri, 23 Aug 2002, Randy Bey wrote:
>
>>Oh yes, you need to do something to trigger a rule. I usually just run a
>>quick Nessus(tm) scan; that does it for me.
>>
>>If there are faster, easier ways to trip a rule, please someone let me
>>know.
>>
>>Randy Bey
>>RiverNorth Systems
>>7300 W 147th St Suite 300
>>Apple Valley, MN 55124
>>http://www.rivernorthsys.com
>>
>>
>>-----Original Message-----
>>From: Joshua Rogers [mailto:josh at ...6676...]
>>Sent: Friday, August 23, 2002 10:24 AM
>>To: Snort-users at lists.sourceforge.net
>>Subject: Re: [Snort-users] Snort, php, MySQL and acid showing no
>>activity
>>
>>I just tried: /usr/local/bin/snort -c /etc/snort/snort.conf -D from the
>>command line. It created an additional sensor, but still no activity in
>>the db. Do I need to create any alerts? It seems that I cannot create a
>>useful alert until I have a traffic pattern to base it on. Am I correct in
>>this assumption?
>>
>>Thanks,
>>Joshua Rogers
>>Webmaster
>>InterPlanetary Web Services
>>303-940-2597
>>IBO# 60092
>>----- Original Message -----
>>From: "Randy Bey" <Randy.Bey at ...6683...>
>>To: "Joshua Rogers" <josh at ...6676...>; <Snort-users at lists.sourceforge.net>
>>Sent: Friday, August 23, 2002 9:31 AM
>>Subject: RE: [Snort-users] Snort, php, MySQL and acid showing no
>>activity
>>
>>
>>Have you made sure you aren't using any -A switches on your snort
>>command line? It should be as simple as:
>>/usr/local/bin/snort -c /etc/snort/snort.conf -D
>>
>>
>>Randy Bey
>>RiverNorth Systems
>>7300 W 147th St Suite 300
>>Apple Valley, MN 55124
>>http://www.rivernorthsys.com
>>
>>
>>-----Original Message-----
>>From: Joshua Rogers [mailto:josh at ...6676...]
>>Sent: Thursday, August 22, 2002 4:28 PM
>>To: Snort-users at lists.sourceforge.net
>>Subject: [Snort-users] Snort, php, MySQL and acid showing no activity
>>
>>Hi,
>>I do not know what information will be helpful in showing me how to
>>track down a problem on my system, but here goes. I am running:
>>Red Hat Linux 7.3 with the latest updates
>>PHP 4.2.1, register globals=on
>>Apache 1.3.26
>>MySQL 3.23.39
>>GD 1.6.2
>>The latest acid
>>BCMath
>>
>>I followed the great doc on setting up snort-rh7-mysql, from the snort
>>website. I had to make a few changes since I am running 7.3 and did not
>>have all of the drive space shown in the doc. Somewhere along the line I
>>think I missed something. Snort and MySQL seem to be running, the acid
>>interface comes up fine with no errors but there is no data that shows up
>>in the database or in the acid interface.
>>What information would you need to help point me in the right direction
>>to get snort recording data?
>>
>>Thanks,
>>Joshua Rogers
>>Webmaster
>>InterPlanetary Web Services
>>303-940-2597
>>IBO# 60092
>>
>>
>>
>>-------------------------------------------------------
>>This sf.net email is sponsored by: OSDN - Tired of that same old
>>cell phone?  Get a new here for FREE!
>>https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
>>_______________________________________________
>>Snort-users mailing list
>>Snort-users at lists.sourceforge.net
>>Go to this URL to change user options or unsubscribe:
>>https://lists.sourceforge.net/lists/listinfo/snort-users
>>Snort-users list archive:
>>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>>
>
>---------------------------------------------------------------------
>Demetri Mouratis
>dmourati at ...3878...
>
>
>
>
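A static check for the symptom discussed in this thread, as an added example that is not part of any poster's message: it flags the -A switch Randy Bey asks about, plus an assumed second cause not raised in the thread, namely the `output database:` plugin line in snort.conf still being commented out. The function names are hypothetical and the sample config, including its user/dbname/host values, is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): static checks for the symptom
# "Snort runs, ACID loads, but no events reach MySQL".

# Heuristic: "yes" if any single-dash argument contains A (e.g. -A fast, -DA).
has_alert_switch() {
    for arg in $1; do
        case "$arg" in
            -*A*) echo yes; return 0 ;;
        esac
    done
    echo no
}

# Count active (uncommented) "output database:" lines in a snort.conf.
count_db_outputs() {
    grep -c -E '^[[:space:]]*output[[:space:]]+database:' "$1" || true
}

# diagnose CMDLINE CONF -> alert-switch | no-db-output | ok
# An unreadable config is reported as no-db-output.
diagnose() {
    if [ "$(has_alert_switch "$1")" = yes ]; then
        echo alert-switch
    elif [ ! -r "$2" ] || [ "$(count_db_outputs "$2")" -eq 0 ]; then
        echo no-db-output
    else
        echo ok
    fi
}

# Constructed sample config: the database plugin line is still commented out.
# The user/dbname/host values are placeholders.
sample_conf() {
    cat <<'EOF'
var HOME_NET any
# output database: log, mysql, user=snort dbname=snort host=localhost
output alert_syslog: LOG_AUTH LOG_ALERT
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
cmd='/usr/local/bin/snort -c /etc/snort/snort.conf -D'
echo "as shipped:  $(diagnose "$cmd" "$conf")"
sed 's/^# output database/output database/' "$conf" > "$conf.fixed"
echo "uncommented: $(diagnose "$cmd" "$conf.fixed")"
echo "with -A:     $(diagnose "$cmd -A fast" "$conf.fixed")"
rm -f "$conf" "$conf.fixed"
```

A result of `ok` only means the configuration can log to the database; traffic that matches a rule is still needed before ACID shows anything.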





