[Snort-users] Snort "promiscuous mode disabled...

FRANCIS PROVENCHER francis.provencher at ...14009...
Fri May 11 09:41:49 EDT 2007


Hi all,
 
I've installed a Snort instance on my laptop, a FreeBSD box.
I start the process with /usr/local/etc/rc.d/snort start
 
 
I look at my /var/log/message
 
MyPC# /usr/local/etc/rc.d/snort start
Starting snort.
MyPC# ps aux | grep snort
root     2638 92.2 15.6 157376 120856  ??  Rs    9:34AM   0:06.17 /usr/local/bin/snort -Dq -c /usr/local/etc/snort/snort.conf

It starts OK, but 2 minutes later I see this message:
 
 
May 11 09:34:32  snort[2637]:       Are You There Threshold: 200
May 11 09:34:32  snort[2637]:       Normalize: YES
May 11 09:34:32  snort[2637]:       Detect Anomalies: NO
May 11 09:34:32  snort[2637]:     FTP CONFIG:
May 11 09:34:32  snort[2637]:       FTP Server: default
May 11 09:34:32  snort[2637]:         Ports: 21
May 11 09:34:32  snort[2637]:         Check for Telnet Cmds: YES alert: YES
May 11 09:34:32  snort[2637]:         Identify open data channels: YES
May 11 09:34:32  snort[2637]:       FTP Client: default
May 11 09:34:32 snort[2637]:         Check for Bounce Attacks: YES alert: YES
May 11 09:34:32  snort[2637]:         Check for Telnet Cmds: YES alert: YES
May 11 09:34:32 snort[2637]: SMTP Config:
May 11 09:34:32  snort[2637]:       Ports:
May 11 09:34:32  snort[2637]: 25
May 11 09:34:32  snort[2637]:
May 11 09:34:32  snort[2637]:       Inspection Type:            STATEFUL
May 11 09:34:32 snort[2637]:       Normalize Spaces:           YES
May 11 09:34:32 snort[2637]:       Ignore Data:                NO
May 11 09:34:32  snort[2637]:       Ignore TLS Data:            NO
May 11 09:34:32  snort[2637]:       Ignore Alerts:              NO
May 11 09:34:32 snort[2637]:       Max Command Length:         0
May 11 09:34:32  snort[2637]:       Max Header Line Length:     0
May 11 09:34:32  snort[2637]:       Max Response Line Length:   0
May 11 09:34:32  snort[2637]:       X-Link2State Alert:         YES
May 11 09:34:32  snort[2637]:       Drop on X-Link2State Alert: NO
May 11 09:34:32  snort[2637]:  DCE/RPC Decoder config:
May 11 09:34:32  snort[2637]:     Autodetect ports ENABLED
May 11 09:34:32  snort[2637]:     SMB fragmentation ENABLED
May 11 09:34:32  snort[2637]:     Obsolete DNS RR Types Alert: INACTIVE
May 11 09:34:32  snort[2637]:     Experimental DNS RR Types Alert: INACTIVE
May 11 09:34:32  snort[2637]:     Ports:
May 11 09:34:32  snort[2637]:  53
May 11 09:34:32  snort[2637]:
May 11 09:34:32  snort[2637]: Warning: flowbits key 'dce.bind.veritas' is set but not ever checked.
May 11 09:34:32  snort[2637]: Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set.
May 11 09:34:32 snort[2637]: 303 out of 512 flowbits in use.
May 11 09:34:32 snort[2637]: *** *** interface device lookup found: rl0 ***
May 11 09:34:32 snort[2637]: Initializing daemon mode
May 11 09:34:32  snort[2638]: PID path stat checked out ok, PID path set to /var/run/
May 11 09:34:32  snort[2638]: Writing PID "2638" to file "/var/run//snort_rl0.pid"
May 11 09:34:32  snort[2637]: Daemon parent exiting

May 11 09:35:23 MyPc rl0: promiscuous mode disabled
 
I don't know why it is doing this; it always worked before...
Do you know why promiscuous mode is disabled?
What can cause this?

Thanks for your help
 
Francis Provencher
Ministère de la Sécurité publique du Québec
Direction des technologies de l'information
Division de la sécurité informatique
Tel: 1 418 646-3258
Email:   Francis.provencher at ...14010...
 
CEH - Certified Ethical Hackers
SSCP - System Security Certified Practitioner
Sec+ - Security +