[Snort-users] plz help

Harper, Patrick patrick.harper at ...11593...
Wed Jul 14 06:18:38 EDT 2004


Do you have a rule for large ICMP enabled?  Try a vulnerability scanner,
that should trigger some alerts for ya.  Or if you have the content:
/etc/passwd  rule enabled just go to the IP of the snort box in a
browser with /etc/passwd in the URL and you should get an alert.  

When you say "how do I check this from other clients ?" are you talking
about checking the traffic to and from the clients on your network?  If
you are on a switched (a managed on) you need to set a span or monitor
port depending on the brand of switch.  If you are on a dumb switch then
you either need to use a tap or a small hub inline, taps work better in
my opinion but hubs are cheaper.

Hope that helps

-----Original Message-----
From: Chandana Bandara [mailto:chandana at ...12108...] 
Sent: Wednesday, July 14, 2004 6:19 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] plz help

hi , 
 
I have installed snort perfectly in Red Hat Linux 9 box.ACID url runs on
the browser.
i used ping command with huge paccket sizes to that snort server. But
there was no any alerts in the ACID. 
 
So tell me , how do i check this from other clients ?
 
plz help
 
thanx in advance
chandana 




Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. 







More information about the Snort-users mailing list