[Snort-users] Problems!

Alberto Nicolás Gentil Otero - GenSys Telecomunicaciones albgentil at ...14757...
Tue Feb 2 11:21:34 EST 2010


 Hello to all!

It is the first time that I write to the list.
I warn that my Englishman is bad(wrong) enough, I am sorry.:)
I realize a project on Snort, and have enough problems, which I do not 
manage to arrange.

I have just now working Snort 2.8.4.1 + Postgrest + barnyard2 + 
oinkmaster + snortsam + Swatch. My first problem:

When I update the rules with oinkmaster, it (he) me turns to activating 
rules, that I tape-worm deactivated before. Since I do in order that he 
respects them?

The second problem:

Snortsam blocks the alerts using cisconullroute2. It does well the 
things, but when I it execute sample messages of mistake of the type:

Parsing config file /etc/snortsam.conf...
Linking plugin 'cisconullroute2'...
Checking for existing state file "/var/db/snortsam.state".
Found. Reading state file.
Starting to listen for Snort alerts.
Error: Packet out of sequence from 127.0.0.1, trying to re-sync.
Snort station 127.0.0.1 using wrong password, trying to re-sync.
Blocking host **.**.**.** completely for 300 seconds (Sig_ID: 882).
Blocking host **.**.**.** completely for 300 seconds (Sig_ID: 882).

I dont write any password in the conf file (default settings).

The third problem: since I can add " fwsam: " to all the rules? Without 
having to modify the rules of one in one. Is the well-read one that is 
using a file sid-block.map, I do not know the syntax.

I have more problems great, but we can begin with these three.

Thank you very much to all, and a greeting:)






More information about the Snort-users mailing list