[Snort-users] HELP!!! HELP!!! HELP!!!

jrhendri at ...9784...
Fri Nov 12 06:02:16 EST 2004


Actually I was suggesting he switch to decaf :-)


----- Original Message -----
From: Michael Steele <michaels at ...9077...>
Date: Friday, November 12, 2004 8:00 am
Subject: RE: [Snort-users] HELP!!! HELP!!! HELP!!!

> Come on he's having problems enough, and you are suggesting that he switch
> to LINUX....
> 
> Read my tag line...
> 
> Kindest regards, 
> Michael...
> 
> WINSNORT.com Management Team Member
> -- 
> Pick up your FREE Windows or UNIX Snort installation guides       
> support at ...9077...
> Website: http://www.winsnort.com
> Snort: Open Source Network IDS - http://www.snort.org
> 
> 
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net [snort-users-
> > admin at lists.sourceforge.net] On Behalf Of Jim Hendrick
> > Sent: Friday, November 12, 2004 4:52 AM
> > To: 'Jeremiah J Batac'; snort-users at lists.sourceforge.net
> > Subject: RE: [Snort-users] HELP!!! HELP!!! HELP!!!
> > 
> > Slow down man... While I'm sure there are folks on the list who can help
> > with what you (seem to be) trying to do, I'd recommend that you start a
> > bit more modestly.
> > 
> > That is, *just* run snort on XP logging to files without trying to include
> > acid, mysql, etc. etc.
> > 
> > This is pretty straightforward and will at least give you the chance to
> > familiarize yourself with the config file, rules, etc. all while starting
> > to at least see what your network traffic is like.
> > 
> > THEN you should try adding logging to another format like mysql and
> > presenting a web server.
> > 
> > Now if you just can't wait, (unless someone offers a better suggestion) I
> > would simply go to a linux based IDS (there are very explicit step-by-step
> > guides to do this). You can take an older machine (or dual-boot your
> > workstation with redhat (for example) and follow the step-by-step guides.
> > You will be snorting and logging and viewing with acid on apache in no
> > time.
> > 
> > Best of luck,
> > 
> > Jim
> > 
> > 
> > 
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net
> > [snort-users-admin at lists.sourceforge.net] On Behalf Of Jeremiah J
> > Batac
> > Sent: Friday, November 12, 2004 7:28 AM
> > To: snort-users at lists.sourceforge.net
> > Subject: [Snort-users] HELP!!! HELP!!! HELP!!!
> > 
> > 
> > Hello snort users, I'm a newbie in the IDS field. I'm
> > trying my best to make this snort thing work in
> > Windows XP. I'm so frustrated because after downloading
> > tons of documents to help me set it up, I tried all
> > their steps and guess what, it's partially working...
> > Can somebody be kind enough to walk me through making it
> > work? The current software to install snort that I have
> > right now is the following...
> > 
> > acid
> > adodb
> > dbtools
> > libnet-1.0.2f
> > packetbuild-1.4
> > php-4.3.9-win32
> > phplot-4.4.6
> > application_service
> > mysqlsetup
> > snort-2_1_0
> > winpcap_3_0
> > 
> > 
> > I already tried to install and follow the steps 5 times
> > and unfortunately I just get up to this point
> > 
> > 
> > C:\Snort>snort
> > Running in IDS mode with inferred config file:
> > ./snort.conf
> > Log directory = log
> > 
> > Initializing Network Interface
> > \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67}
> > 
> >         --== Initializing Snort ==--
> > Initializing Output Plugins!
> > Decoding Ethernet on interface
> > \Device\NPF_{3A842A08-FAFC-4986-A869-4AB8B6C9DD67}
> > Initializing Preprocessors!
> > Initializing Plug-ins!
> > Parsing Rules file ./snort.conf
> > 
> > +++++++++++++++++++++++++++++++++++++++++++++++++++
> > Initializing rule chains...
> > ,-----------[Flow Config]----------------------
> > | Stats Interval:  0
> > | Hash Method:     2
> > | Memcap:          10485760
> > | Rows  :          4099
> > | Overhead Bytes:  16400(%0.16)
> > `----------------------------------------------
> > No arguments to frag2 directive, setting defaults to:
> >     Fragment timeout: 60 seconds
> >     Fragment memory cap: 4194304 bytes
> >     Fragment min_ttl:   0
> >     Fragment ttl_limit: 5
> >     Fragment Problems: 0
> >     Self preservation threshold: 500
> >     Self preservation period: 90
> >     Suspend threshold: 1000
> >     Suspend period: 30
> > Stream4 config:
> >     Stateful inspection: ACTIVE
> >     Session statistics: INACTIVE
> >     Session timeout: 30 seconds
> >     Session memory cap: 8388608 bytes
> >     State alerts: INACTIVE
> >     Evasion alerts: INACTIVE
> >     Scan alerts: INACTIVE
> >     Log Flushed Streams: INACTIVE
> >     MinTTL: 1
> >     TTL Limit: 5
> >     Async Link: 0
> >     State Protection: 0
> >     Self preservation threshold: 50
> >     Self preservation period: 90
> >     Suspend threshold: 200
> >     Suspend period: 30
> > Stream4_reassemble config:
> >     Server reassembly: INACTIVE
> >     Client reassembly: ACTIVE
> >     Reassembler alerts: ACTIVE
> >     Zero out flushed packets: INACTIVE
> >     flush_data_diff_size: 500
> >     Ports: 21 23 25 53 80 110 111 143 513 1433
> >     Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
> > ERROR: ./snort.conf(287) => Invalid file name for IIS Unicode Map file.
> > Fatal Error, Quitting..
> > 
> > C:\Snort>
> > 
> > Hope this will help. Like you, I would like to be a
> > pioneer on this OpenSource IDS. Help is much
> > appreciated. Thank you very much.
> > 
> > -------------------------------------------------------
> > This SF.Net email is sponsored by:
> > Sybase ASE Linux Express Edition - download now for FREE LinuxWorld
> > Reader's
> > Choice Award Winner for best database on Linux.
> > http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
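The fatal error Jeremiah posted ("Invalid file name for IIS Unicode Map file" at snort.conf line 287) is Snort refusing to start because a directive names a file it cannot open. The checker below is an added example, not code from this thread or from the Snort project: it walks a Snort 2.x style snort.conf and reports every `include` and `iis_unicode_map` target that does not exist, after expanding `$VAR` references from earlier `var` lines. Those directive names are real Snort 2.x syntax; the lookup order used here (absolute path, then the config file's own directory, then the current directory) is an assumption about how Snort resolves relative paths, and the small snort.conf it builds in a temporary directory is constructed for the demonstration.

```python
"""Report files referenced by a Snort 2.x style snort.conf that do not exist.

Added example (not from the Snort project). The directives parsed
('var', 'include', 'iis_unicode_map') are real Snort 2.x config syntax; the
search order for relative paths is an assumption, not Snort's documented rule.
"""
import os
import re
import tempfile

VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(\S+)")
INCLUDE_RE = re.compile(r"^\s*include\s+(\S+)")
UNICODE_MAP_RE = re.compile(r"iis_unicode_map\s+(\S+)")


def expand_vars(value, variables):
    """Replace $NAME with the value from an earlier 'var' line; unknown names are left as-is."""
    return re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), value)


def resolve(path, conf_dir):
    """Return the first existing candidate path, or None if the file cannot be found.

    Assumed order: absolute path as given; otherwise relative to the config
    file's directory, then relative to the current working directory.
    """
    candidates = [path] if os.path.isabs(path) else [os.path.join(conf_dir, path), path]
    for candidate in candidates:
        if os.path.isfile(candidate):
            return candidate
    return None


def check_conf(conf_path):
    """Return [(line_no, directive, target)] for every referenced file that is missing."""
    conf_dir = os.path.dirname(os.path.abspath(conf_path))
    variables = {}
    missing = []
    with open(conf_path) as fh:
        for line_no, raw in enumerate(fh, start=1):
            line = raw.split("#", 1)[0].rstrip()   # drop comments
            if not line.strip():
                continue
            m = VAR_RE.match(line)
            if m:
                variables[m.group(1)] = expand_vars(m.group(2), variables)
                continue
            m = INCLUDE_RE.match(line)
            if m:
                target = expand_vars(m.group(1), variables)
                if resolve(target, conf_dir) is None:
                    missing.append((line_no, "include", target))
                continue
            m = UNICODE_MAP_RE.search(line)
            if m and line.lstrip().startswith("preprocessor"):
                target = expand_vars(m.group(1), variables)
                if resolve(target, conf_dir) is None:
                    missing.append((line_no, "iis_unicode_map", target))
    return missing


def demo():
    """Constructed snort.conf: one rules file present, the unicode map and a second rules file absent."""
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "rules"))
        open(os.path.join(d, "rules", "local.rules"), "w").close()
        conf = os.path.join(d, "snort.conf")
        with open(conf, "w") as fh:
            fh.write("var RULE_PATH rules\n")
            fh.write("# http_inspect needs a unicode map that we deliberately did not create\n")
            fh.write("preprocessor http_inspect: global iis_unicode_map unicode.map 1252\n")
            fh.write("include $RULE_PATH/local.rules\n")
            fh.write("include $RULE_PATH/missing.rules\n")
        return check_conf(conf)


if __name__ == "__main__":
    for line_no, directive, target in demo():
        print(f"snort.conf({line_no}): {directive} -> {target} not found")
```

Run against a real snort.conf with `check_conf("C:/Snort/etc/snort.conf")` before starting Snort; the line numbers it reports correspond to the `snort.conf(NNN)` position Snort itself prints when it aborts, so each missing file can be fixed before the next start attempt.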