[Snort-users] Snort not seeing all traffic?
emechler at ...7719...
Thu Apr 24 08:50:09 EDT 2003
:: I am referring to "alerts" I guess... With that said, I cannot find
:: "rules" via snort-center that pertain to port scanning and/or the exploits
:: like cmd.exe and root.exe... As for the rest, should I run something like
:: Ethereal and check traffic that way?
Portscanning is taken care of via the portscan2 preprocessor (Config Types
--> Preprocessors --> Create preprocessors). As for the cmd.exe and
root.exe rules, check SIDs 1661, 1002, and 1256 among others.

Re: Ethereal, that's just a sniffer, so unless you actually want to look
through all your packets looking for bad stuff, I'd just stick with
customizing your Snort rulebase to fit your needs.

Cheers - Erick