[Snort-users] barnyard (Payload)

Martin Roesch roesch at ...1935...
Tue Oct 1 07:58:04 EDT 2002


Which unified output option are you guys using?

      -Marty


On 10/1/02 8:57 AM, "Alwin Raymundo" <alrayworld at ...131...> wrote:

> Hi Ron,
> 
> Yap to me the payload is very important.  for my own
> opinion.  we know that somebody trying to do some
> nasty thing to our server but how?
> 
> without the payload its look like I shooting in the
> dark.
> 
> Thanks
> 
> 
> --- Ron Shuck <rshuck at ...6736...> wrote:
>> Hey Alwin,
>> 
>> I found the same results. I haven't heard if there
>> are plans to include
>> this, or if it should work and we just missed
>> something.
>> 
>> 
>> Ron Shuck, CISSP - Managing Consultant
>> Buchanan Associates - A Technology Company in the
>> People Business
>> http://www.buchanan.com
>> http://www.isc2.org
>> 
>> 
>> ---original message---
>> Date: Mon, 30 Sep 2002 11:36:39 -0700 (PDT)
>> From: Alwin Raymundo <alrayworld at ...131...>
>> To: user snort <snort-users at lists.sourceforge.net>
>> Subject: [Snort-users] barnyard (Payload)
>> 
>> Hi Everybody,
>> 
>> I don't know if this is already posted in previous
>> discussion and this morning I just setup the
>> barnyard.
>>  I like it because it fast to log all packets in my
>> mysql and acid but I notice there is no payload.
>> 
>> Is this normal? is there in another way to get the
>> payload?.
>> 
>> Any help would be appreciated.
>> 
>> Thanks in advance.
>> 
>> 
>> 
>> 
> 
>> ATTACHMENT part 2 application/x-pkcs7-signature
> name=smime.p7s
> 
> 
> 
> =====
> Alwin Raymundo
> 
> __________________________________________________
> Do you Yahoo!?
> New DSL Internet Access from SBC & Yahoo!
> http://sbc.yahoo.com
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by: DEDICATED SERVERS only $89!
> Linux or FreeBSD, FREE setup, FAST network. Get your own server
> today at http://www.ServePath.com/indexfm.htm
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> 

-- 
Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch at ...1935... - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





More information about the Snort-users mailing list