[Snort-users] (no subject)

Slighter, Tim tslighter at ...5174...
Wed Apr 9 08:06:06 EDT 2003


Easier way to try this out is make a copy of your snort.conf file and create
a new one that uses that one rule only.  

 
 
 -----Original Message-----
From: ryan stangl [mailto:sanbarstangl at ...125...]
Sent: Tuesday, April 08, 2003 4:54 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] (no subject)



I was hoping that someone could help me, I am running snort 1.9 on Win2K.  I
got it to run and on our little moch network I can see other computers
trying to get in, for example I can see a ping, or a sweep.  So I assumed
that it was working.  Then I wanted to see if I could get one of my rules to
work, so I added a rules text where all the other rules where, and gave it a
.rules extension, I made just a simple one alert tcp <ip/24>500:2000 ->
<ip/24> any.  Then in the snort config file I placed a # in front of all of
the rules listed and added a path to the rule file I made.  My thinking was
that I would recieve only instances that I specified where anything coming
from not my computer between port 500 and 2000 trying to go to my computer
by any port, but that wasn't the case, I was getting everything as I was
before, comming from any port.  It seemed A.) that my rule file wasn't
working, and B.) that all the rule files where ! activated again, WHY IS
THIS.  If anyone can help me out here it would be greatly appreciated.
Thanks

Ryan




  _____  

MSN 8 helps ELIMINATE E-MAIL  <http://g.msn.com/8HMUENUS/2752> VIRUSES. Get
2 months FREE*. ------------------------------------------------------- This
SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo
with 500 GB of bandwidth! No other company gives more support or power for
your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________ Snort-users mailing list
Snort-users at lists.sourceforge.net Go to this URL to change user options or
unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030409/f8ce6294/attachment.html>


More information about the Snort-users mailing list