[Snort-users] NFS file copy vs. snort ???

Jason security at ...5028...
Mon Sep 6 18:57:08 EDT 2004


I considered not sending a reply however I hope that you find the time 
to investigate the little technical things in this mail and better your 
understanding of the problem. Apologies to the list for this continuing 
drivel, hopefully it is at least more entertaining than the usual How do 
I mail.

Michael D Schleif wrote:

[...]
> 
> For that matter, why did you bother, since you so clearly failed by your
> own measure?

Once in a while I run across a person that is indignant when asked to 
provide more information or told where to find the answer they are 
looking for but not directly given the answer. This list is cluttered 
with people looking for a quick fix that do not bother to take the time 
to research and read, most of them will go do it when pointed in the 
correct direction.

I spend the time because I like to help people solve _actual problems_ 
not resolve symptoms of problems they do not understand. Fortunately I 
am not afraid of failure or question and I understand and acknowledge 
that failure is a reality in some situations.

> 
> 
>>NOTE: The search is "ignore traffic with snort"
>>
>>http://www.google.com/search?q=ignore+traffic+with+snort
>>
>>I also suggest executing man bpf
> 
> <snip />
> 
> Can you even comprehend how much time and effort -- not to mention
> enmity -- would have been saved had you had the intellect to offer this
> advice in your first post?

Can you even comprehend how much time would had been saved if you simply 
searched google yourself in the beginning?

The BPF answer has always been there. If you had you used google or 
described your problem and the actions you took to diagnose and attempt 
to resolve them someone with a bit more experience than I might have 
spotted it and cared to provide an answer.

http://www.catb.org/~esr/faqs/smart-questions.html

( WOW, three chances to post the same link. Hopefully some others will 
discover it too. )

It sounds as if you were nearly 90% complete on a solution you feel 
comfortable implementing and did not have the syntax correct. This is 
not unusual for BPF. It would have been nice to have a hint that you 
were looking for the correct syntax for BPF instead of how to solve your 
actual problem.

> 
> 
>>If you had read the links provided you would have found these
>>
>>http://www.snort.org/docs/snort_manual/node5.html - Look for BPF
>>
>>http://www.snort.org/docs/FAQ.txt - Look for Ignore
> 
> <snip />
> 
> Yes, indeed, they are there -- among some several thousand other words
> and phrases.  The trick is in finding a document's author's sense of
> humor in organizing and indexing said tomes.  If the documentation for
> BPF was clearer, apparently I would not have started this thread ;<
> 
> I hope, should you ever require brain or heart surgery, that you find
> physicians and surgeons more communicative than you are ;>

I hope if I ever do require brain surgery the surgeon is competent 
enough to have used all of the tools available to them and that they 
fully understand the problem before cracking my skull open. I could care 
less if they held my hand while explaining the problem to me.

You have failed to do this for your problem. By using a BPF you blind 
yourself to potentially serious attacks instead of resolving the problem 
properly through tuning.

[...]

>>
>>Give a man fire and he will be warm for the night. Set the man on fire 
>>and he will be warm the rest of his life.
> 
> <snip />
> 
> Have you encountered the concept of karma?
> 

The concept unfortunately prevents me from seriously considering the 
above solution to problems IRL :-)

[...]

> 
> For me, I have the answer that I sought -- which is good for me -- and I
> can go forward in life without crass anger gnawing at me.

There is only one thing I am angry with and I can help change the 
current leadership of my country with my vote. Beyond that I am happy.

> 
> Thank you, for your wit and vague repartee!  I hope that this lesson has
> taught you something about quality communication . . .

I sincerely hope it was not as redundant as you describe!

My lesson for this exchange is that email is a poor forum for 
communication when dealing with those that are too insecure to read 
frank words as information and instead take offense. Please don't take 
offense at that, you are not the first to help me discover this 
phenomenon. I accept it and realize that I do not have time to cater to 
the insecurities of a few in such a large forum.

http://www.washingtonpost.com/ac2/wp-dyn?pagename=article&node=&contentId=A22919-2001Aug16&notFound=true

I will leave the issues surrounding using the solution you have chosen 
for you to research and ponder should you care.

 > HAND

I have thank you, a good one at that. I hope you have had the same.






More information about the Snort-users mailing list