[Snort-users] plz help

Harper, Patrick patrick.harper at ...11593...
Thu Oct 14 10:55:11 EDT 2004


didn't you ask this yesterday?  As Chandana Bandara
[chandana at ...12108...]???

Like I asked yesterday??????  Also do you have a rule turned on that
detects large ICMP traffic?


Are you on a switch?  If so snort will not see all the traffic.  In that
configuration you either need a true hub (see the archive) or a tap.
First make sure that snort is working then see if you have a networking
problem.
Scan the box or set up a rule to catch all IP traffic
________________________________

From: Curlys [mailto:curlybraces at ...12108...] 
Sent: Thursday, October 14, 2004 3:03 AM
To: Snort
Subject: [Snort-users] plz help


hi , 
 
my snort placed in same network with the other machines. It has only one
interface card. 
 
 
PC A --------- PC B ------------- PC C -------- Snort Box -------- PC D
--------- ....... so on
 
I made ping request PC B to PC D . It is not a nornal ping , added the
packect size 50 000. This can be unknown attack in the network .
But like this alerts why can't detect from the snort ? my snort wont
show such hits ? where is the problem ? can u all help ....plz ?
 
Thank u 
chandana
 




Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. 







More information about the Snort-users mailing list