[Snort-users] Snort Win32 front end

Nick Benigno nick at ...6334...
Tue Jul 16 14:38:02 EDT 2002


I am having trouble finding a stable front end for the win32 version of
snort 1.8.7. I have tried hooking up the IDScenter beta and after a while I
get a bunch of error boxes in French. 

win2k server, snort 1.8.7, idscenter 1.9x beta.

I am very new at snort and have very limited knowledge of correct
implementation on a win32 host.

I have downloaded all documents from snort.org and reviewed them; most of
the articles are for the *nix version. Any tips would be helpful.

Thanks.
Nick

-----Original Message-----
From: snort-users-request at lists.sourceforge.net
[mailto:snort-users-request at lists.sourceforge.net]
Sent: Tuesday, July 16, 2002 3:05 PM
To: snort-users at lists.sourceforge.net
Subject: Snort-users digest, Vol 1 #2079 - 3 msgs



Today's Topics:

   1. Re: IDScenter Anomaly (Kistler Ueli)
   2. Re: Snort Doesn't Set Second NIC Promiscuous (Erek Adams)
   3. RE: IDScenter Anomaly (L. Christopher Luther)

--__--__--

Message: 1
Date: Tue, 16 Jul 2002 20:43:58 +0200
From: Kistler Ueli <iuk at ...1171...>
To: "L. Christopher Luther" <CLuther at ...6331...>
CC: Snort Users <snort-users at lists.sourceforge.net>
Subject: [Snort-users] Re: IDScenter Anomaly

I will add buttons to change the order.
Currently i'm coding a rule editor .. works well (Classification config file
can also be edited using the frontend).

Release date not fixed yet (i'm working hard for my studies test soon..
sorry)

Regards,
 Ueli Kistler
 eclipse at ...5277...
 www.packx.net

--

L. Christopher Luther wrote:
> Hello,
>
> I'm a new user to IDScenter, but almost immediately, I noticed that
> IDScenter has a tendency to sort the list of included Snort rule files.
> Is this a feature or an anomaly?
>
> My vote, btw, is that it is an anomaly because I want to specifically
> control the order in which the rules are included and processed by the
> Snort binary.
>
> Sincerely,
>
> L. Christopher Luther
> Technical Consultant
> Xybernaut Solutions, Inc.
> (703) 506-0400 x230
> cluther at ...6331...
> http://www.xybernautsolutions.com
>
> My PGP Public Key:
> http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88
>
> CONFIDENTIALITY NOTE:  This communication contains
> information that is confidential and/or legally privileged.
> This information is intended only for the use of the individual
> or entity named on this communication. If you are not the
> intended recipient, you are hereby notified that any disclosure,
> copying, distribution, printing or other use of, or any action
> in reliance on, the contents of this communication is strictly
> prohibited.  If you receive this communication in error, please
> immediately notify us by telephone at (703) 506-0400.
>
> ------------------------------------------------------------
> Unsolicited commercial e-mail will automatically be reported
> to the appropriate abuse@ - without exception.
> ------------------------------------------------------------



--__--__--

Message: 2
Date: Tue, 16 Jul 2002 11:54:38 -0700 (PDT)
From: Erek Adams <erek at ...577...>
To: Stefan Schleifer <stefan.schleifer at ...6267...>
cc: Ken Schweigert <ken at ...4067...>,
        <snort-users at lists.sourceforge.net>
Subject: Re: [Snort-users] Snort Doesn't Set Second NIC Promiscuous

On Tue, 16 Jul 2002, Stefan Schleifer wrote:

> or use
>
> snort -i any
>
> that will enable snort to listen on all interfaces.

Ummmm...  The original poster was on OBSD and the "-i any" _only_ works on
Linux based systems.

Please see the FAQ:

	http://www.snort.org/docs/faq.html#3.4

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



--__--__--

Message: 3
From: "L. Christopher Luther" <CLuther at ...6333...>
To: 'Kistler Ueli' <iuk at ...1171...>
Cc: Snort Users <snort-users at lists.sourceforge.net>
Date: Tue, 16 Jul 2002 14:57:48 -0400
Subject: [Snort-users] RE: IDScenter Anomaly


Thanks for the quick reply.  I'll keep an eye open for the next release of
IDScenter.  
 
- Christopher

-----Original Message-----
From: Kistler Ueli [mailto:iuk at ...1171...]
Sent: Tuesday, July 16, 2002 2:44 PM
To: L. Christopher Luther
Cc: Snort Users
Subject: Re: IDScenter Anomaly


I will add buttons to change the order.
Currently i'm coding a rule editor .. works well (Classification config file
can also be edited using the frontend).

Release date not fixed yet (i'm working hard for my studies test soon..
sorry)

Regards,
 Ueli Kistler
 eclipse at ...5277...
 www.packx.net

--

L. Christopher Luther wrote:


Hello,  

I'm a new user to IDScenter, but almost immediately, I noticed that
IDScenter has a tendency to sort the list of included Snort rule files.  Is
this a feature or an anomaly?  

My vote, btw, is that it is an anomaly because I want to specifically
control the order in which the rules are included and processed by the Snort
binary.  


Sincerely,  

L. Christopher Luther  
Technical Consultant  
Xybernaut Solutions, Inc.  
(703) 506-0400 x230  
cluther at ...6331...
http://www.xybernautsolutions.com

My PGP Public Key:
http://keyserver.pgp.com/pks/lookup?op=get&search=0x21261B88

CONFIDENTIALITY NOTE:  This communication contains 
information that is confidential and/or legally privileged.  
This information is intended only for the use of the individual 
or entity named on this communication. If you are not the 
intended recipient, you are hereby notified that any disclosure, 
copying, distribution, printing or other use of, or any action 
in reliance on, the contents of this communication is strictly 
prohibited.  If you receive this communication in error, please 
immediately notify us by telephone at (703) 506-0400. 

------------------------------------------------------------
Unsolicited commercial e-mail will automatically be reported
to the appropriate abuse@ - without exception.
------------------------------------------------------------ 







--__--__--

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest



