[Snort-users] Help!! Problem testing Snort

ravivsn at ...9637... ravivsn at ...9637...
Mon Feb 9 06:13:01 EST 2004


What are you expecting from snort ;) to generate false positives :)
Snort's current version is now improved to the version which generated false
positives.
Snort would have generated BAD-traffic because maybe Stick is generating
malformed packets.
Hmm, I understood your English :) It's not bad.
Cheers,
-Ravi
Rendezvous On Chip (I) Pvt Ltd
http://www.rocsys.com


>
> Hi! Please I need help!!
>
> I'm testing Snort with Stick. I run Stick with Snort signatures, but
> Snort doesn't detect them as I expected. I only get a lot of identical
> alerts like this:
>
> snort_decoder: Invalid UDP header, length field <8
> snort_decoder:Unknown Datagram Decoding Problem
>
> I also get an important number of discarded packets, but I don't understand
> what this exactly means or whether there is any relation. I'm really worried
> because I'm not sure if the detection engine is working well for
> signature detection. Most of the time, Snort sends preprocessor messages
> (alerts) except some ICMP or BAD-TRAFFIC rule alerts. It seems strange,
> doesn't it?
>
> Snort analyzed 3010 out of 3010 packets, dropping 0(0.000%) packets
>
> Breakdown by protocol:      Action Stats:
> TCP: 2122 (70.498%)         ALERTS: 368
> UDP: 238 (7.907%)           LOGGED: 736
> ICMP: 622 (20.664%)         PASSED: 0
> ARP: 16 (0.532%)
> EAPOL: 0 (0.000%)
> IPv6: 0 (0.000%)
> IPX: 0 (0.000%)
> OTHER: 0 (0.000%)
> DISCARD: 250 (8.306%)
>
> I'm sorry if my English is difficult to understand!!
>
> Cheers!!
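
The decoder alert quoted above concerns the UDP length field, which counts the 8-byte header plus the data and so cannot legitimately be below 8. As an added example (not part of the original thread and not Snort's own decoder code), this C code applies that sanity check to constructed sample datagrams; all function, type and variable names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UDP_HDR_LEN 8 /* src port, dst port, length, checksum: 2 bytes each */

enum udp_verdict {
    UDP_OK = 0,
    UDP_TRUNCATED_HEADER,  /* fewer than 8 bytes follow the IP header */
    UDP_LENGTH_LT_8,       /* length field smaller than the header itself */
    UDP_LENGTH_GT_PAYLOAD  /* length field claims more than the IP payload holds */
};

struct pkt { const uint8_t *data; size_t len; }; /* IP payload and its size */

/* Validate the UDP header at the start of an IP payload of len bytes. */
enum udp_verdict check_udp(const uint8_t *p, size_t len)
{
    if (len < UDP_HDR_LEN)
        return UDP_TRUNCATED_HEADER;
    /* Length field: bytes 4-5, network byte order, header + data. */
    uint16_t udp_len = (uint16_t)((p[4] << 8) | p[5]);
    if (udp_len < UDP_HDR_LEN)
        return UDP_LENGTH_LT_8;
    if (udp_len > len)
        return UDP_LENGTH_GT_PAYLOAD;
    return UDP_OK;
}

/* Count how many packets in a batch produce a given verdict. */
size_t count_verdict(const struct pkt *pkts, size_t n, enum udp_verdict v)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++)
        if (check_udp(pkts[i].data, pkts[i].len) == v)
            hits++;
    return hits;
}

/* Constructed samples (not captured from Stick or from the poster's network). */
static const uint8_t sample_ok[]  = {0x04,0xd2, 0x00,0x35, 0x00,0x0c, 0,0, 'a','b','c','d'};
static const uint8_t sample_lt8[] = {0x04,0xd2, 0x00,0x35, 0x00,0x03, 0,0, 'a','b','c','d'};
static const uint8_t sample_big[] = {0x04,0xd2, 0x00,0x35, 0x01,0x00, 0,0, 'a','b','c','d'};
static const struct pkt batch[] = {
    {sample_ok, sizeof sample_ok}, {sample_lt8, sizeof sample_lt8},
    {sample_big, sizeof sample_big}, {sample_lt8, sizeof sample_lt8}, {sample_ok, 5}};

int main(void)
{
    printf("length<8 anomalies: %zu of 5\n", count_verdict(batch, 5, UDP_LENGTH_LT_8));
    return 0;
}
```
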






