[Snort-users] catching some alerts, but NOT consistent

Jason Brvenik jasonb at ...1935...
Mon Sep 17 09:28:15 EDT 2007


- Where is snort running relative to the attack?
- Where is the attack being launched from?
- Can you capture a pcap of the traffic?

Casiano, Jason (Sys Admin) wrote:
> I should add that pipe -i2 -v into find "3389" will detect the connection traffic. It's strange, and I cannot get snort to alert for the life of me.
>
> -----Original Message-----
> From: Jason Brvenik [mailto:jasonb at ...1935...] 
> Sent: Sunday, September 16, 2007 8:44 PM
> To: Casiano, Jason (Sys Admin)
> Cc: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] catching some alerts, but NOT consistent
>
>
>
> Casiano, Jason (Sys Admin) wrote:
>   
>> broadcom BCM5708C
>>
>> Winsrv2k3 wsp2
>>
>> Winpcap 401
>>
>> Snort exec= -cc:\snort\etc\snort.conf -ld:\logs\snort -Kascii -i2
>>
>>  
>>
>> I'm using a terminal service request alert to verify snort functionality
>> on my servers, however I've got a couple using the Broadcom BCM5708C
>> NetXtreme 2 adapters that don't seem to report on a term server request,
>> however ICMP requests report just dandy.
>>
>> Any ideas? I truly would like to iron this out, I've been pulling my hair
>> out for 3 weeks now.
>>
>>  
