[Snort-users] Help to run snort on linux machine

sri harsha harsha536 at ...11827...
Tue Mar 2 06:42:33 EST 2010


Hi,
    I am not able to detect attack packets using snort on a Linux PC. I
installed snort 2.8.5.1 on a Linux PC. I'm using the default configuration of
snort.conf. I'm sending attack packets from another Linux machine with the
destination set to the PC where snort is installed. I'm using the snot tool to
send attack packets. I observed the following alert messages on the snort PC
when I sent attack-response packets.

[**] [128:4:1] (spp_ssh) Protocol mismatch [**]
[Priority: 3]
03/02-11:00:08.532684 76.0.0.10:22 -> 4.4.4.10:49062
TCP TTL:197 TOS:0x0 ID:5234 IpLen:20 DgmLen:763
1*U*P*S* Seq: 0xA34D20A2  Ack: 0x97C04470  Win: 0x4B58  TcpLen: 20  UrgPtr:
0x87D9

[**] [122:1:0] (portscan) TCP Portscan [**]
[Priority: 3]
03/02-11:00:08.532692 4.4.4.10 -> 76.0.0.10
PROTO:255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:155 DF

[**] [128:4:1] (spp_ssh) Protocol mismatch [**]
[Priority: 3]
03/02-11:00:14.590679 76.0.0.10:22 -> 4.4.4.10:17509
TCP TTL:83 TOS:0x0 ID:50679 IpLen:20 DgmLen:406
1****RSF Seq: 0xD5A78410  Ack: 0xBE5E0E08  Win: 0x39F5  TcpLen: 20

[**] [128:4:1] (spp_ssh) Protocol mismatch [**]
[Priority: 3]
03/02-11:00:17.620154 76.0.0.10:22 -> 4.4.4.10:37210
TCP TTL:252 TOS:0x0 ID:21173 IpLen:20 DgmLen:483
12U*P*S* Seq: 0xDB2FE072  Ack: 0x32A91A5C  Win: 0x8447  TcpLen: 20  UrgPtr:
0xEE86


Do I need to make any changes in the configuration of snort.conf? Thanks in
advance for any help.

Thanks,
Sriharsha
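
As an added example (not part of the original post), this Python sketch parses alerts in the layout quoted above and counts them by generator ID, which separates preprocessor alerts (122 and 128 in the post) from alerts raised by text rules (generator ID 1 in Snort 2.x). The function names are illustrative, IPv4 addresses are assumed, and the sample is two alerts copied from the post.

```python
import re
from collections import Counter

# Sample input: two alerts copied from the post above.
SAMPLE = """\
[**] [128:4:1] (spp_ssh) Protocol mismatch [**]
[Priority: 3]
03/02-11:00:08.532684 76.0.0.10:22 -> 4.4.4.10:49062
TCP TTL:197 TOS:0x0 ID:5234 IpLen:20 DgmLen:763

[**] [122:1:0] (portscan) TCP Portscan [**]
[Priority: 3]
03/02-11:00:08.532692 4.4.4.10 -> 76.0.0.10
PROTO:255 TTL:0 TOS:0x0 ID:0 IpLen:20 DgmLen:155 DF
"""

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
PACKET = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+) -> (\S+)$")
RULE_GID = 1  # generator ID Snort 2.x assigns to text rules from .rules files

def split_endpoint(endpoint):
    """Split 'a.b.c.d:port' (IPv4 only); port is None when absent."""
    host, _, port = endpoint.partition(":")
    return host, int(port) if port else None

def parse_alerts(text):
    """Return one dict per alert: gid, sid, rev, msg, time, src, dst."""
    alerts, current = [], None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            gid, sid, rev, msg = m.groups()
            current = {"gid": int(gid), "sid": int(sid), "rev": int(rev), "msg": msg}
            alerts.append(current)
            continue
        m = PACKET.match(line)
        if m and current is not None and "time" not in current:
            current["time"] = m.group(1)
            current["src"] = split_endpoint(m.group(2))
            current["dst"] = split_endpoint(m.group(3))
    return alerts

def count_by_generator(alerts):
    return Counter(a["gid"] for a in alerts)

def rule_based(alerts):
    """Alerts produced by text rules rather than by a preprocessor."""
    return [a for a in alerts if a["gid"] == RULE_GID]

if __name__ == "__main__":
    print(count_by_generator(parse_alerts(SAMPLE)))
```

An empty result from `rule_based()` means every alert in the file came from a preprocessor and none from a rule in the loaded `.rules` files.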