[Snort-users] RE: Snort on Acid instructions

Michael Steele michaels at ...155...
Sat Jun 15 09:29:01 EDT 2002


Wally,

Go into Internet Information Services in the Administrative Tools. You
should see the name of your server and a "+" beside that, click the "+"
and open IIS up. In there you should see FTP Sites, and Web Sites. Click
on the "+" next to the Web Sites and it will open up showing all the
websites you have. Right click on the Default Web Site and select
properties. That will pop up a window called Default Web Site
Properties. At that point select the Directory Security tab. Next you
will see one option in the middle of that window with a combination lock
showing, ad you will want to select the edit button. A window called "IP
Address and Domain Name Restrictions" will pop up. In there you will
find two options:

Granted Access: By Default all computers will be granted access

Denied Access: Except those listed below

You will want to make sure to click the radio button for "Denied Access"
and select the Add button to allow any IP Address in that you choose. If
you leave blank, then nobody gets in. I believe you don't need to add
localhost, but if you can't get to the Acid site from your browser on
localhost then go back and add 127.0.0.1 to the "except those listed
below" list.

Michael Steele | System Engineer / Support Technician     
mailto:michaels at ...155...
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: Auteria Wally Winzer Jr. [mailto:wally.winzer at ...2700...] 
Sent: June 14, 2002 7:20 PM
To: Michael Steele
Cc: Auteria Wally Winzer Jr.
Subject: Re: [Snort-users] RE: Snort on Acid instructions

Hey Michael, I'd like to get that info from you, if you don't mind
regarding
absolute for IIS.

Thanks.

Wally Winzer Jr.

----- Original Message -----
From: "Michael Steele" <michaels at ...155...>
To: <snort-users at lists.sourceforge.net>
Sent: Friday, June 14, 2002 18:56
Subject: [Snort-users] RE: Snort on Acid instructions


> William,
>
> You can restrict all IP's if you are using IIS. This is not documented
> in my walk thru for Snort on Acid using IIS here:
>
> http://www.silicondefense.com/techsupport/winsnortacid-iis_1.8.7.htm
>
> You can deny all except localhost if you're using Apache. This is
> documented in my online walk thru for Snort on Acid using Apache here:
>
>
http://www.silicondefense.com/techsupport/winsnortacid-apache_1.8.7.htm
>
> Both of those are absolute, nobody gets in from the outside.
>
> I can give you an absolute for IIS if you want that?
>
> Michael Steele | System Engineer / Support Technician
> mailto:michaels at ...155...
> Silicon Defense: IDS solutions - http://www.silicondefense.com
> Snort: Open Source Network IDS - http://www.snort.org
>
> -----Original Message-----
> From: William Minnis [mailto:wminnis at ...6096...]
> Sent: June 14, 2002 1:13 PM
> To: michaels at ...155...
> Subject: Snort on Acid instructions
>
> Afternoon Michael -
>
> Let me commend you on the instruction set. It really helped during my
> install of Snort on
> Acid.
>
> One question. Is there an issue with the username and password combo
> snort / snort? Not
> being too terribly familiar with mysql, is there a way to ensure that
no
> one can connect
> to the database except from the localhost or console? Or would you
> simply recommend
> removing the snort user and creating my own?
>
> Thanks for your thoughts,
>
> William
>
>
>
> William Minnis
> Manager, Information Services
> Nunavut Arctic College
> Iqaluit, Nunavut
>
> wminnis at ...6096...
> 867.979.4660    Tel
> 867.975.1566    Cel
> 867.979.4681    Fax
>
>
>
>
>
> _______________________________________________________________
>
> Don't miss the 2002 Sprint PCS Application Developer's Conference
> August 25-28 in Las Vegas -
http://devcon.sprintpcs.com/adp/index.cfm?source=osdntextlink
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>








More information about the Snort-users mailing list