[Snort-users] Snort and PF_RING DAQ

Peter Bates peter.bates at ...15381...
Wed Jun 6 06:40:32 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

I've been testing a recent Snort and PF_RING (5.4.x) from SVN
and the DAQ bundled with that.

Obviously the DAQ is slightly 'non-standard' as it is not bundled with
the usual DAQ distribution.

During test I notice that the DAQ cannot acquire traffic unless Snort
is running as root - something I've avoided doing with Snort by
specifying a specific user/group with -u and -g for many years.

Is this privilege problem a fault of PF_RING, or a problem with Snort
not dropping privileges at the right point?

Thanks.

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPzzOgAAoJELhVoVpEMS6RhIkH/izHttzTWEBjM5Gi1aRNEs2n
nlW3AGQbrOeV6ZNRTucVThL2sH0qOd3fylDm57Yz1LVhVIWMogzQt3q81ql5uFYf
YmyqXgyunaXX8/Bd3B0UbZ4r//YsJH5o1LKbD91x3+4lQqduFk8x4/CiWlLp9dOt
6HqLt7NPbQSrdvEYAcbiYild7LbhFJ4x5CNH9367D5TxQjO9oP6TnhyemiE0/n3z
SUxz7mMLH1Ap3FISCCW71GcRSpb9r/b6Vyyk67htjm/WQASlyqH3YfsG1DGWhsNf
2dKkM2Aoy2nBdHxKxP7eMa9TWSqHV8EouEcpvn+A6ptHIc8KqzwEFq1ZbCo2sQM=
=FIrk
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list