[Snort-users] Snort & Snot

Ronneil Camara ronneilc at ...4042...
Tue Jan 22 09:09:06 EST 2002


-> -----Original Message-----
-> From: bluz [mailto:bluz at ...4636...]
-> Sent: Tuesday, January 22, 2002 10:43 AM
-> To: snort-users at lists.sourceforge.net
-> Subject: [Snort-users] Snort & Snot
-> 
-> 
-> Hi, 
-> 
-> I'm sorry if this question has come up before, but I'm new to the list
-> and couldn't find any mention of this in the archives....
-> 
-> I've been running SNORT 1.83 for a while and it seems to be working
-> fine.  I just installed SNOT 0.92a and have run multiple RULE files
-> against SNORT... 
-> 
-> The problem is, only a small percentage of SNOT generated attacks is
-> reported by SNORT on the attacked system.  I'm not sure if the problem
-> is SNORT or SNOT.

First question is, is your sensor connected to a switch?
Second is, if so, is the port where your sensor is connected configured as a monitoring port?
Third is, your $home_net. Check it out.
Fourth is, you might be using -z est param.

Hope this helps...

neil



