[Snort-users] Snort and PF_RING DAQ

Joel Esler jesler at ...1935...
Wed Jun 6 08:14:50 EDT 2012


Please let me know if I can help by hosting on Snort.org, linking to you from Snort.org, blog post, etc.  

-- 
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager


On Wednesday, June 6, 2012 at 6:52 AM, Jaime Nebrera wrote:

> Hi Peter,
> 
> We have been working along the same lines and hope to make our DAQ 
> public very soon. We are just preparing the website to support this effort.
> 
> On 06/06/12 12:40, Peter Bates wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > 
> > Hello all
> > 
> > I've been testing a recent Snort and PF_RING (5.4.x) from SVN
> > and the DAQ bundled with that.
> > 
> > Obviously the DAQ is slightly 'non-standard' as it is not bundled with
> > the usual DAQ distribution.
> > 
> > During test I notice that the DAQ cannot acquire traffic unless Snort
> > is running as root - something I've avoided doing with Snort by
> > specifying a specific user/group with -u and -g for many years.
> > 
> > Is this privilege problem a fault of PF_RING, or a problem with Snort
> > not dropping privileges at the right point?
> > 
> > Thanks.
> > 
> > - -- 
> > Peter Bates
> > Senior Computer Security Officer Phone: +44(0)2076792049
> > Information Services Division Internal Ext: 32049
> > University College London
> > London WC1E 6BT
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.17 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> > 
> > iQEcBAEBAgAGBQJPzzOgAAoJELhVoVpEMS6RhIkH/izHttzTWEBjM5Gi1aRNEs2n
> > nlW3AGQbrOeV6ZNRTucVThL2sH0qOd3fylDm57Yz1LVhVIWMogzQt3q81ql5uFYf
> > YmyqXgyunaXX8/Bd3B0UbZ4r//YsJH5o1LKbD91x3+4lQqduFk8x4/CiWlLp9dOt
> > 6HqLt7NPbQSrdvEYAcbiYild7LbhFJ4x5CNH9367D5TxQjO9oP6TnhyemiE0/n3z
> > SUxz7mMLH1Ap3FISCCW71GcRSpb9r/b6Vyyk67htjm/WQASlyqH3YfsG1DGWhsNf
> > 2dKkM2Aoy2nBdHxKxP7eMa9TWSqHV8EouEcpvn+A6ptHIc8KqzwEFq1ZbCo2sQM=
> > =FIrk
> > -----END PGP SIGNATURE-----
> > 
> > 
> > ------------------------------------------------------------------------------
> > Live Security Virtual Conference
> > Exclusive live event will cover all the ways today's security and
> > threat landscape has changed and how IT managers can respond. Discussions
> > will include endpoint security, mobile security and the latest in malware
> > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > 
> > Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 
> 
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and 
> threat landscape has changed and how IT managers can respond. Discussions 
> will include endpoint security, mobile security and the latest in malware 
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news! 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120606/08637305/attachment.html>


More information about the Snort-users mailing list