[Snort-users] new user, great product, but ...

Michael Anderson mca at ...1717...
Tue Apr 22 13:52:03 EDT 2003


Allen,
Check out snort.org.  The first news article on the main page describes 
the vulnerability and has a link to download snort 2.0. Snort 2.0 was 
officially released April 14th or thereabouts.

-Mike

Allen, Garrett wrote:

>sorry.  red hat 8.0.  thanks for the tips.  2.0 shows as beta on the
>snort.org web page and i try to avoid beta software.  might i enquire as to
>the nature of the vulnerability?
>
>thanks.
>
>-----Original Message-----
>From: twig les [mailto:twigles at ...131...]
>Sent: Tuesday, April 22, 2003 4:37 PM
>To: Allen, Garrett; 'snort-users at lists.sourceforge.net'
>Subject: Re: [Snort-users] new user, great product, but ...
>
>
>You didn't mention your OS, but since you have a /var I can
>safely suggest quotas to at least make sure /var doesn't hit
>100%.  Once you get mysql up you can stop logging to the flat
>text.  If you are wondering if there is a method of making a
>signature fire once/100 alerts or something like that then I
>don't think that exists.
>
>BTW, 1.9.1 has a vulnerability so as long as you're doing a
>fresh install you might as well use 2.0.
>
>--- "Allen, Garrett" <Garrett.Allen at ...8966...> wrote:
>  
>
>>heys,
>>
>>installed version 1.9.1 (build 231) of the pink beastie.  very interesting
>>results captured from our network.  pointed to a potential issue with xp
>>configs.  i'm generating log files, haven't quite got the mastery of mysql
>>installation yet.  anyways, here's the question:
>>
>>the very day i started using snort for real was the day one of our wandering
>>sales minstrels returns with an ms-sql worm.  it momentarily shut down our
>>net when he fired up his machine, then went for coffee, flooding the network
>>with traffic as a worm is wont to do.  we were able to quickly detect where
>>the problem originated from and shut the machine down.  but in the meantime
>>snort generated enough log files to fill /var.  ouch.  any way to slow down
>>the volume of log entries?  any other operational tips?
>>
>>thanks in advance.
>>
>>
>>-------------------------------------------------------
>>This sf.net email is sponsored by:ThinkGeek
>>Welcome to geek heaven.
>>http://thinkgeek.com/sf
>>_______________________________________________
>>Snort-users mailing list
>>Snort-users at lists.sourceforge.net
>>Go to this URL to change user options or unsubscribe:
>>https://lists.sourceforge.net/lists/listinfo/snort-users
>>Snort-users list archive:
>>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>    
>>
>
>
>=====
>-----------------------------------------------------------
>Know yourself and know your enemy and you will never fear defeat.         
>-----------------------------------------------------------
>
