[Snort-users] Snort-users Digest, Vol 48, Issue 45

Pedro Marinho pppmarinho at ...11827...
Tue Jun 1 11:39:22 EDT 2010


Hello,

Thanks for the reply. The ICMP rules are disabled. I did disable some unused
rules and some rules that are bad for the detection engine. After that the
dropped packet rate did fall to 20%. Still high, so I have to study which more
rules I have to disable here.


Message: 2
> Date: Sat, 29 May 2010 08:59:59 -0400
> From: firewalZ <firewalz at ...11827...>
> Subject: Re: [Snort-users] snort not generating lots of alerts
> To: Pedro Marinho <pppmarinho at ...11827...>
> Cc: snort-users at lists.sourceforge.net
> Message-ID:
>        <AANLkTin6LUJ93P6oUr6V1svOtVs-m6AhDyIzZPnpOrLA at ...11828...>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Try running snort from the command line to display packets (like
> tcpdump), make sure to sniff from the same interface you are using in
> snort.conf, make sure you see bidirectional traffic.
> Also, make sure you uncomment the rule categories you want to use, I
> think it's near the bottom of snort.conf, I believe there is an icmp
> rule set that is noisy.
>
>
>
> On Thu, May 27, 2010 at 3:54 PM, Pedro Marinho <pppmarinho at ...11827...>
> wrote:
> >
> > Hello gentlemen,
> >
> > I would like to ask if someone could post a snort.conf example for a sensor
> > that monitors a Microsoft Windows environment. I think something is wrong
> > with my sensors. I don't know if it is because I have 2 or more instances
> > of snort running or maybe some misconfiguration.
> >
> > I would be very thankful for some help.