[Snort-users] Snort and PF_RING DAQ

Russ Combs rcombs at ...1935...
Wed Jun 6 08:38:00 EDT 2012


On Wed, Jun 6, 2012 at 8:14 AM, Joel Esler <jesler at ...1935...> wrote:

>  Please let me know if I can help by hosting on Snort.org, linking to you
> from Snort.org, blog post, etc.
>
> --
> Joel Esler
> Senior Research Engineer, VRT
> OpenSource Community Manager
>
> On Wednesday, June 6, 2012 at 6:52 AM, Jaime Nebrera wrote:
>
>  Hi Peter,
>
> We have been working along the same lines and hope to make our DAQ
> public very soon. We are just preparing the website to support this effort.
>
> On 06/06/12 12:40, Peter Bates wrote:
>
> Hello all
>
> I've been testing a recent Snort and PF_RING (5.4.x) from SVN
> and the DAQ bundled with that.
>
> Obviously the DAQ is slightly 'non-standard' as it is not bundled with
> the usual DAQ distribution.
>
> During test I notice that the DAQ cannot acquire traffic unless Snort
> is running as root - something I've avoided doing with Snort by
> specifying a specific user/group with -u and -g for many years.
>
> Is this privilege problem a fault of PF_RING, or a problem with Snort
> not dropping privileges at the right point?
>
Snort drops privileges at the right point for other DAQs ...

>
> Thanks.
>
> --
> Peter Bates
> Senior Computer Security Officer Phone: +44(0)2076792049
> Information Services Division Internal Ext: 32049
> University College London
> London WC1E 6BT
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!