[Snort-users] catching some alerts, but NOT consistent
jasonb at ...1935...
Mon Sep 17 09:28:15 EDT 2007
- Where is snort running relative to the attack?
- Where is the attack being launched from?
- Can you capture a pcap of the traffic?
Casiano, Jason (Sys Admin) wrote:
> I should add that pipe -i2 -v into find "3389" will detect the connection traffic. It's strange and I cannot get snort to alert for the life of me.
> -----Original Message-----
> From: Jason Brvenik [mailto:jasonb at ...1935...]
> Sent: Sunday, September 16, 2007 8:44 PM
> To: Casiano, Jason (Sys Admin)
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] catching some alerts, but NOT consistent
> Casiano, Jason (Sys Admin) wrote:
>> broadcom BCM5708C
>> Winsrv2k3 wsp2
>> Winpcap 401
>> Snort exec= -cc:\snort\etc\snort.conf -ld:\logs\snort -Kascii -i2
>> I'm using a terminal service request alert to verify snort functionality
>> on my servers, however I've got a couple using the broadcom BCM5708C
>> netextreme 2 adapters that don't seem to report on a term server request,
>> however ICMP requests report just dandy.
>> Any ideas? I truly would like to iron this out, I've been pulling my hair
>> out for 3 weeks now.