[Snort-users] Flex-Response, anyone using it?

James Riden j.riden at ...11179...
Wed May 19 20:25:01 EDT 2004


Jason <security at ...5028...> writes:

> It will be a few weeks before I can get around to testing it for this
> case so if anyone wants to give it a try and confirm functionality
> "that would be great".

My setup works at the moment, with snort listening on eth0.

% ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0B:CD:AE:F9:BB
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1469489134 errors:360 dropped:0 overruns:0 frame:286
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1775222552 (1692.9 Mb)  TX bytes:0 (0.0 b)
          Interrupt:7
 
eth1      Link encap:Ethernet  HWaddr 00:0B:CD:AE:F9:18
          inet addr:x.x.x.x  Bcast:x.x.x.x  Mask:255.255.248.0
          UP BROADCAST NOTRAILERS RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:699472 errors:0 dropped:0 overruns:0 frame:0
          TX packets:337024 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:145021414 (138.3 Mb)  TX bytes:46793743 (44.6 Mb)
          Interrupt:10

%  route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
<localsubnet>   *               255.255.248.0   U     0      0        0 eth1
default         localgateway    0.0.0.0         UG    0      0        0 eth1

It just seemed to work OK out of the box, with minimal fiddling. No
traffic is appearing on the wrong interfaces, etc.

> Don't forget... When you report your test results back to the list do
> not forget that the TPS report has a new format, didn't you read the
> memo.

Er, sorry?

-- 
James Riden / j.riden at ...11179... / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/





