[Snort-users] new user, great product, but ...

twig les twigles at ...131...
Tue Apr 22 13:51:18 EDT 2003


The vuln is the first piece of news on www.snort.org.  I agree
with the beta stance, but we're in a tight spot here.

--- "Allen, Garrett" <Garrett.Allen at ...8966...> wrote:
> sorry.  red hat 8.0.  thanks for the tips.  2.0 shows as beta on the
> snort.org web page and i try to avoid beta software.  might i enquire as to
> the nature of the vulnerability?
> 
> thanks.
> 
> -----Original Message-----
> From: twig les [mailto:twigles at ...131...]
> Sent: Tuesday, April 22, 2003 4:37 PM
> To: Allen, Garrett; 'snort-users at lists.sourceforge.net'
> Subject: Re: [Snort-users] new user, great product, but ...
> 
> 
> You didn't mention your OS, but since you have a /var I can
> safely suggest quotas to at least make sure /var doesn't hit
> 100%.  Once you get mysql up you can stop logging to the flat
> text.  If you are wondering if there is a method of making a
> signature fire once/100 alerts or something like that then I
> don't think that exists.
> 
> BTW, 1.9.1 has a vulnerability so as long as you're doing a
> fresh install you might as well use 2.0.
> 
> --- "Allen, Garrett" <Garrett.Allen at ...8966...> wrote:
> > heys,
> > 
> > installed version 1.9.1 (build 231) of the pink beastie.  very interesting
> > results captured from our network.  pointed to a potential issue with xp
> > configs.  i'm generating log files, haven't quite got the mastery of mysql
> > installation yet.  anyways, here's the question:
> > 
> > the very day i started using snort for real was the day one of our wandering
> > sales minstrels returns with an ms-sql worm.  it momentarily shut down our
> > net when he fired up his machine, then went for coffee, flooding the network
> > with traffic as a worm is wont to do.  we were able to quickly detect where
> > the problem originated from and shut the machine down.  but in the meantime
> > snort generated enough log files to fill /var.  ouch.  any way to slow down
> > the volume of log entries?  any other operational tips?
> > 
> > thanks in advance.
> > 
> > 
> 
> 
> =====
> -----------------------------------------------------------
> Know yourself and know your enemy and you will never fear defeat.
> -----------------------------------------------------------
> 


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------
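
The thinning asked about in the quoted question (log one alert out of every 100 for a signature), sketched as post-processing over Snort fast-alert lines. This is an added example, not part of the thread and not a Snort feature; the function names, SIDs, addresses and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Snort "fast" alert layout assumed here:
#   time  [**] [gid:sid:rev] msg [**] [...] {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)"
)


def thin_alerts(lines, every=100):
    """Keep the 1st, (every+1)th, ... alert per (sid, source IP).

    Returns (kept_lines, totals) so the suppressed volume is still reported.
    """
    seen = defaultdict(int)
    kept = []
    for line in lines:
        m = ALERT_RE.search(line)
        if m is None:
            kept.append(line)  # never drop a line we cannot parse
            continue
        key = (m.group("sid"), m.group("src"))
        if seen[key] % every == 0:
            kept.append(line)
        seen[key] += 1
    return kept, dict(seen)


def sample_flood(n=250):
    """Constructed input: one host spraying UDP/1434, plus one unrelated alert."""
    lines = [
        f"04/22-13:51:{i % 60:02d}.000000  [**] [1:1000001:1] constructed MS-SQL worm probe "
        f"[**] [Priority: 2] {{UDP}} 10.0.0.5:{1024 + i} -> 192.0.2.{i % 250 + 1}:1434"
        for i in range(n)
    ]
    lines.insert(3, "04/22-13:51:03.500000  [**] [1:1000002:1] constructed ICMP ping "
                    "[**] [Priority: 3] {ICMP} 10.0.0.7 -> 10.0.0.1")
    return lines


if __name__ == "__main__":
    kept, totals = thin_alerts(sample_flood())
    print(f"kept {len(kept)} of {sum(totals.values())} alerts")
    for (sid, src), count in sorted(totals.items()):
        print(f"sid {sid} from {src}: {count} total")
```

Keying on the source address as well as the SID keeps a second infected host visible while the first one floods.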




