[Snort-users] Snort not logging alerts.

Lyndon Tiu ltiu at ...12200...
Thu Jul 29 12:50:03 EDT 2004


On Thu, 29 Jul 2004 15:38:25 -0400 sekure at ...11827... wrote: 
> You can't do it.  Not with TCP and not the way you are trying to. 
>  
> The problem is that TCP is a stateful protocol, it needs to establish 
> a session before it can send data.  What that means is that something 
> has to be listening on port 80 in this case (http), for your browser 
> to establish the connection, BEFORE it can send the CodeRed exploit. 
> Since nothing is, nothing happens...  If you are just doing this for 
> testing, you can download netcat and tell it to listen to port 80. 
> That way you'll be able to establish a connection and send the 
> exploit. 
 
OK. Thank you. 
 
That makes sense. 
 
I have figured out what I wanted to do. 
 
Leave ip address of sniffer at 0.0.0.0 and only listen for exploits that 
actually connect to an ip address on the network that exists. 
 
Thanks to all who helped. 
 
-- 
Lyndon Tiu 




More information about the Snort-users mailing list