[Snort-users] Snort-users Digest, Vol 46, Issue 32

Tushar Modi TusharM at ...14801...
Thu Mar 25 12:06:35 EDT 2010


I just found we are using version 2.6, not 2.4. I would like to know how
to update to a newer version with the latest signature.

Thanks

Tushar Modi
Sr. Network Analyst
JK Group Inc.
work:(609) 799-7830 Ext. 13732
Fax:(609)799-8019
Integrated Solutions for Global Philanthropy


-----Original Message-----
From: snort-users-request at lists.sourceforge.net
[mailto:snort-users-request at lists.sourceforge.net] 
Sent: Wednesday, March 24, 2010 4:00 PM
To: snort-users at lists.sourceforge.net
Subject: Snort-users Digest, Vol 46, Issue 32


Today's Topics:

   1. Re: How many ports is considered a portsweep/portscan?
      (Nerijus Krukauskas)
   2.  Tap and Hub (D. Hofstee)
   3. Re: Tap and Hub (Nick Moore)
   4. Re: snort information (Tushar Modi)


----------------------------------------------------------------------

Message: 1
Date: Wed, 24 Mar 2010 20:14:02 +0200
From: Nerijus Krukauskas <nkrukauskas at ...11827...>
Subject: Re: [Snort-users] How many ports is considered a
	portsweep/portscan?
To: Joel Esler <joel.esler at ...14399...>
Cc: "snort-users at lists.sourceforge.net"
	<snort-users at lists.sourceforge.net>
Message-ID:
	<951e50da1003241114y414e3f84u5696e746286b46ba at ...11828...>
Content-Type: text/plain; charset=UTF-8

On 2010-03-24, Joel Esler <joel.esler at ...14399...> wrote:
> Ah. That makes sense. Tip: reply to all?

Hate this feature, when replying to mailing list post. In good old
days :) the mailing list posts ALL had reply-to mapped to mailing
list. Now it's different with each list... OK, this is starting to
look like old man whining... Gotta stop it. :)

-- 
http://nk99.org/



------------------------------

Message: 2
Date: Wed, 24 Mar 2010 20:14:09 +0100
From: "D. Hofstee" <hofstee at ...11827...>
Subject: [Snort-users]  Tap and Hub
To: snort-users at lists.sourceforge.net
Message-ID:
	<6b35b1711003241214rc4f8a98l194d4222c5277347 at ...11828...>
Content-Type: text/plain; charset="utf-8"

---------- Forwarded message ----------
From: D. Hofstee <hofstee at ...11827...>
Date: Wed, Mar 24, 2010 at 8:13 PM
Subject: Re: [Snort-users] Tap and Hub
To: Eoin Miller <eoin.miller at ...14586...>


well, for the sake of being curious: how do people monitor inter-server
traffic? A tap in front of the switch doesn't do the job.

bye,

David


On Wed, Mar 24, 2010 at 7:11 PM, Eoin Miller <
eoin.miller at ...14586...> wrote:

> Here is a good article/writeup about this:
> http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html
>
> -- Eoin
>
> On 3/24/2010 4:12 PM, akos.daniel at ...14798... wrote:
> > Hi,
> >
> > What is the difference between a network hub and a network tap?
> > Maybe a stupid question, but is there a "gigabit hub" on the market or for
> > gigabit should I look for a tap?
> > (span port is not possible in my case...)
> > Thanks for the info.
> >
> > Akos
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users

------------------------------

Message: 3
Date: Wed, 24 Mar 2010 14:17:56 -0500
From: Nick Moore <nmoore at ...1935...>
Subject: Re: [Snort-users] Tap and Hub
To: "D. Hofstee" <hofstee at ...11827...>
Cc: snort-users at lists.sourceforge.net
Message-ID:
	<5c039a921003241217u3d040873ge9cc553037d677b0 at ...11828...>
Content-Type: text/plain; charset="iso-8859-1"

David,

That's why larger switches have the SPAN feature. In essence, it repeats the
traffic of some or all the other switch ports out a designated port for
sniffers or IDS sensors. Here's more info:

http://www.enterprisenetworkingplanet.com/nethub/article.php/3766701

http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008015c612.shtml


Nick

On Wed, Mar 24, 2010 at 2:14 PM, D. Hofstee <hofstee at ...11827...> wrote:

>
>
> ---------- Forwarded message ----------
> From: D. Hofstee <hofstee at ...11827...>
> Date: Wed, Mar 24, 2010 at 8:13 PM
> Subject: Re: [Snort-users] Tap and Hub
> To: Eoin Miller <eoin.miller at ...14586...>
>
>
> well, for the sake of being curious: how do people monitor inter-server
> traffic? A tap in front of the switch doesn't do the job.
>
> bye,
>
> David
>
>
> On Wed, Mar 24, 2010 at 7:11 PM, Eoin Miller <
> eoin.miller at ...14586...> wrote:
>
>> Here is a good article/writeup about this:
>> http://www.lovemytool.com/blog/2007/08/span-ports-or-t.html
>>
>> -- Eoin
>>
>> On 3/24/2010 4:12 PM, akos.daniel at ...14798... wrote:
>> > Hi,
>> >
>> > What is the difference between a network hub and a network tap?
>> > Maybe a stupid question, but is there a "gigabit hub" on the market or for
>> > gigabit should I look for a tap?
>> > (span port is not possible in my case...)
>> > Thanks for the info.
>> >
>> > Akos



-- 
Nick Moore, SFCE, CISSP, CISA
Sr. Systems Engineer
Voice 708-336-9041
Email nick.moore at ...1935...
IM    nickgmoore (Yahoo)
      nickgmoore38 (AIM)

   ,,_
  o"  )~   Sourcefire - The Creators of Snort
   ''''

www.sourcefire.com         www.snort.org

------------------------------

Message: 4
Date: Wed, 24 Mar 2010 15:47:22 -0400
From: "Tushar Modi" <TusharM at ...14801...>
Subject: Re: [Snort-users] snort information
To: <snort-users at ...314...>
Message-ID:
	<9DAE5CA10EF4154AA7927184AF08AAFC01FC6DDE at ...14802...>
Content-Type: text/plain; charset="us-ascii"

Hi,

We are using the older Snort 2.4 version and we would like to upgrade it to
the latest 2.8 version. We are running the older version on a Windows 2003
server. Please send us information on how to upgrade to 2.8 on a Windows
2003 server. I downloaded the current version from your web site, but I
really do not know how to upgrade or what the quickest method to upgrade
to the latest version is.

I would appreciate it if you could provide us information so we can upgrade
to the latest version with the current signature.

Thanks,

Tushar Modi
Sr. Network Analyst
JK Group Inc.
work:(609) 799-7830 Ext. 13732
Fax:(609)799-8019
Integrated Solutions for Global Philanthropy

From: Mike Guiterman [mailto:mguiterman at ...1935...] 
Sent: Wednesday, March 24, 2010 3:41 PM
To: Tushar Modi
Subject: Re: snort information

 

Check out the set-up guides here:
http://www.snort.org/docs/setup-guides/.  If you don't find one that
matches to your platform you should ask the snort-users mailing list.
Someone in the community may be able to provide guidance.

-mg

On Wed, Mar 24, 2010 at 3:31 PM, Tushar Modi <TusharM at ...14801...> wrote:

Hi Mike,

Thank you for this quick reply. We are running 2.4, so how can I upgrade
it to 2.8? What is the process to upgrade the current version? Please
provide us a doc with where and how to upgrade it. I appreciate it.

Thanks,

Tushar Modi
Sr. Network Analyst
JK Group Inc.
work:(609) 799-7830 Ext. 13732
Fax:(609)799-8019
Integrated Solutions for Global Philanthropy

From: Mike Guiterman [mailto:mguiterman at ...1935...] 
Sent: Wednesday, March 24, 2010 3:27 PM
To: Tushar Modi
Cc: snort-team at ...1935...
Subject: Re: snort information

 

Hi Tushar,

You've got to upgrade your Snort Install.  Snort is currently at version
2.8.5.3.  Snort 2.4 hasn't been supported for quite some time.

Regards,

Mike

-- 
Mike Guiterman
Snort Community Manager
Sourcefire, Inc.
mguiterman at ...1935...
410.423.1930 (office)
703.400.4091 (mobile)

On Wed, Mar 24, 2010 at 3:23 PM, Tushar Modi <TusharM at ...14801...> wrote:

Hi,

We are using your Snort IDS version 2.4 and we would like to update the
signature with the current version. I would appreciate it if you would
please provide us information to update the signature with the current version.

Thanks,

Tushar Modi
Sr. Network Analyst
JK Group Inc.
work:(609) 799-7830 Ext. 13732
Fax:(609)799-8019
Integrated Solutions for Global Philanthropy


------------------------------


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-users


End of Snort-users Digest, Vol 46, Issue 32
*******************************************



