[Snort-users] Attention: Win32 Users - Snort 1.8.7 "STABLE RELEASE" Binaries Available

Michael Steele michaels at ...155...
Wed Jul 10 17:04:04 EDT 2002


Don,

If you are going to use Flexible Response then you will need to drop the
LibnetNT.dll file into the same folder as Snort. The file is included
with the binary. You will also need to convert the rules to use
FlexRESP.

There is a difference in each version. Snort is one file, so that's why
the different binaries. When I packaged Snort I started with the basic
files for the Snort package. I then dropped each binary of Snort into
the basis package, and compressed it for distribution. The only other
file that I added to the basic package was LibNetNT.dll which I only
added to the FlexRESP packages. 

-Michael
-- 
 Michael Steele | system engineer     
 mailto:michaels at ...155...    
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: Don [mailto:Don at ...5881...] 
Sent: Wednesday, July 10, 2002 4:49 PM
To: Michael Steele; snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Attention: Win32 Users - Snort 1.8.7 "STABLE
RELEASE" Binaries Available

is there actually a difference btwn the varied builds, specific files
etc,
is there any reference, to tell me what exact files are diff btwn say,
snort
barebones release and flexresp release, for instance maybe everything is
running well, and i want to go from barebones to flex, are there
specific
file i need to change, or can i juts change the snort.exe, or do i need
to
replace everything and go thru all my rules again?

any suggestions

> >-----Original Message-----
> >From: snort-users-admin at lists.sourceforge.net
> >[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Michael
> >Steele
> >Sent: Tuesday, July 09, 2002 10:19 AM
> >To: snort-users at lists.sourceforge.net
> >Subject: [Snort-users] Attention: Win32 Users - Snort 1.8.7 "STABLE
> >RELEASE" Binaries Available
> >
> >
> >To all Windows users of Snort:
> >
> >Sorry for the confusion as I released Snort 1.87b127 the same day as
> >Snort 1.8.7b128 was being released as the OFFICIAL "Snort 1.8.7
STABLE
> >RELEASE".
> >
> >Please read all the notices below.
> >
> >The latest 1.8.7 STABLE binaries have been compiled and are now
> >available on our site. There are now 6 flavors available:
> >
> >Snort-1.8.7-Win32_Barebones_Release
> >Snort-1.8.7-Win32_Flexresp_Release
> >Snort-1.8.7-Win32_MySQL_Flexresp_Release
> >Snort-1.8.7-Win32_MySQL_MSSQL_Flexresp_Release
> >Snort-1.8.7-Win32_MySQL_MSSQL_Release
> >Snort-1.8.7-Win32_MySQL_Release
> >
> >NOTICE: There are now NEW options in stream4 and frag2 and to update
> >your config files accordingly. This is the OFFICIAL Stable Release of
> >Snort 1.8.7, so it would be wise to update your complete Snort
install
> >and copy back your custom settings to the new Snort.conf and any
other
> >files you may have customized.
> >
> >NOTICE: The "Run as Service" has been compiled into this update, and
is
> >ONLY available for the following Windows environments:
> >
> >1. 2000 Professional / 2000 Server Family
> >2. XP Pro / XP .NET Server Family
> >3. NT Server 4 (latest service pack).
> >
> >The basic usage is as follows:
> >
> >Note: COMPLETELY remove any previous installation of Snort running as
a
> >service, even Registry settings, then reboot. If you have any
concerns
> >or questions, please don't hesitate to email me.
> >
> >There are three command switches that Snort uses for the Service
> >activation.
> >
> >/SERVICE /INSTALL
> >/SERVICE /UNINSTALL
> >/SERVICE /SHOW
> >
> >Explanation of Service options:
> >
> >CAUTION: All the switches MUST be used from the folder that Snort is
> >located in. If Snort is located in C:\Snort then navigate to that
folder
> >and type the command from there.
> >
> >This will install Snort as a service with the specified parameters:
> >"snort /SERVICE /INSTALL -de -c <FULL PATH>\snort.conf -l <FULL
> >PATH>\logs"
> >
> >This will remove snort as a service:
> >"snort /SERVICE /UNINSTALL"
> >
> >This will display the parameters:
> >"snort /SERVICES /SHOW
> >
> >>From the Start Menu go to Programs / Administrative Tools and Open
the
> >Services applet in Administrative Tools.  Select Snort from the
services
> >window, right click on Snort, choose Properties, and under startup
type
> >select Automatic (this will allow snort to be active when there is no
> >one logged on).
> >
> >Note: If you want to stop or start the service from a command prompt
> >type:
> >
> >"net stop snortsvc"
> >"net start snortsvc"
> >
> >Note: If you want to change the parameters then you must:
> >
> >Take Snort down: net stop snortsvc
> >
> >snort /SERVICE /UNINSTALL
> >snort /SERVICE /INSTALL < NEW PARAMETERS >
> >
> >Bring Snort back up: net start snortsvc
> >
> >A Big THANK YOU to Chris Reid for this...
> >
> >NOTICE: The latest WinPcap has gone gold! Version 2.3
> >http://netgroup-serv.polito.it/winpcap/
> >
> >NOTICE: LibnetNT.dll can be found at:
> >http://www.securitybugware.org/libnetnt/
> >
> >NOTICE to all our clients: We will ONLY be supporting the STABLE
> >RELEASES of Snort 1.7.1, Snort 1.8.1, Snort 1.8.2, 1.8.3, 1.86, and
1.87
> >at this time.
> >
> >Link to Downloads:
> >http://www.silicondefense.com/techsupport/downloads.htm
> >
> >Link to Documentation:
> >http://www.silicondefense.com/techsupport/windows.htm
> >
> >-Michael
> >--
> > Michael Steele | System Engineer / Support Technician
> > mailto:michaels at ...155...
> > Silicon Defense: IDS solutions - http://www.silicondefense.com
> > Snort: Open Source Network IDS - http://www.snort.org
> >
> >
> >
> >
> >
> >-------------------------------------------------------
> >This sf.net email is sponsored by:ThinkGeek
> >Stuff, things, and much much more.
> >http://thinkgeek.com/sf
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users at lists.sourceforge.net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >








More information about the Snort-users mailing list