[Snort-users] No longer seeing exploit traffic on version 2.0.0

Lloyd_Ardoin at ...9013... Lloyd_Ardoin at ...9013...
Fri Apr 25 05:53:14 EDT 2003


I have been using Snort 1.9.0 and had upgraded to 1.9.1 about 3 weeks ago. 
It is running on a Linux RedHat Dell box on our DMZ. It has been up and 
monitoring for about 3 months. It is configured to log to a mysql database 
and I have the ACID console up and working also. The Snort box has been 
logging about 2 dozen alerts a day on average. Mostly IIS Web exploits. I 
upgraded to the 2.0.0 version on April 23rd and I am no longer getting any 
alerts from Snort. I have created an alert rule in the local.rules file 
that says -

alert ip !$HOME_NET any -> $HOME_NET any

which is generating alerts.  But I am no longer seeing any alerts on the 
consistent IIS web exploints I have been seeing for the last couple of 
months.  I have reviewed everything on my setup but can't seem to come up 
with anything....can anyone provide any suggestions?

thanks in advance,
LA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030425/5866ef82/attachment.html>


More information about the Snort-users mailing list