[Snort-users] ERROR: pcap DAQ does not support inline.

praveen_recker . praveen_recker at ...4543...
Fri Jun 8 11:18:27 EDT 2012


use afpacket or nfq as DAQ instead of pcap.
Same can be updated in snort.conf file or passed as command line argument

cmd line:
/usr/local/snort/bin/snort -de -i eth0:eth1 *--daq afpacket* --daq-dir
/usr/local/lib/daq -c /usr/local/snort/etc/snort.conf
/usr/local/snort/bin/snort -de *--daq nfq* --daq-dir /usr/local/lib/daq -c
/usr/local/snort/etc/snort.conf

Best Regards,
Praveen Darshanam

On Fri, Jun 8, 2012 at 3:25 PM, jaime garvia garcia <jaimegarvia at ...125...
> wrote:

>  Hi everybody,
>
> I am using the last version of Snort in a VMware with Ubuntu12.04.
>
> If I run Snort like /usr/local/snort/bin/snort -de -i eth0:eth1 --daq-dir
> /usr/local/lib/daq -c /usr/local/snort/etc/snort.conf
>
> Snort works perfectly, but when i run Snort like IPS inline show me this
> error:
>
>
> ids at ...12178...:~$ sudo /usr/local/snort/bin/snort -Q -de -i eth0:eth1 --daq-dir
> /usr/local/lib/daq -c /usr/local/snort/etc/snort.conf
> Enabling inline operation
> Running in IDS mode
>
>         --== Initializing Snort ==--
> Initializing Output Plugins!
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file "/usr/local/snort/etc/snort.conf"
> PortVar 'HTTP_PORTS' defined :  [ 80:81 311 591 593 901 1220 1414 1830
> 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014
> 8028 8080 8088 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080 9090:9091
> 9443 9999 11371 55555 ]
> PortVar 'SHELLCODE_PORTS' defined :  [ 0:79 81:65535 ]
> PortVar 'ORACLE_PORTS' defined :  [ 1024:65535 ]
> PortVar 'SSH_PORTS' defined :  [ 22 ]
> PortVar 'FTP_PORTS' defined :  [ 21 2100 3535 ]
> PortVar 'SIP_PORTS' defined :  [ 5060:5061 5600 ]
> PortVar 'FILE_DATA_PORTS' defined :  [ 80:81 110 143 311 591 593 901 1220
> 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000
> 8008 8014 8028 8080 8088 8118 8123 8180:8181 8243 8280 8800 8888 8899 9080
> 9090:9091 9443 9999 11371 55555 ]
> PortVar 'GTP_PORTS' defined :  [ 2123 2152 3386 ]
> Detection:
>    Search-Method = AC-Full-Q
>     Split Any/Any group = enabled
>     Search-Method-Optimizations = enabled
>     Maximum pattern length = 20
> Tagged Packet Limit: 256
> Loading dynamic engine
> /usr/local/lib/snort_dynamicengine/libsf_engine.so... done
> Loading all dynamic detection libs from
> /usr/local/lib/snort_dynamicrules...
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/web-client.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/icmp.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/p2p.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/web-activex.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/snmp.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/netbios.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/exploit.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/chat.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/misc.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/nntp.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/imap.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/bad-traffic.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/web-misc.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/web-iis.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/specific-threats.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/dos.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/smtp.so... done
>   Loading dynamic detection library
> /usr/local/lib/snort_dynamicrules/multimedia.so... done
>   Finished Loading all dynamic detection libs from
> /usr/local/lib/snort_dynamicrules
> Loading all dynamic preprocessor libs from
> /usr/local/lib/snort_dynamicpreprocessor/...
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_reputation_preproc.so...
> done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dce2_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_imap_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ftptelnet_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dns_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_pop_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssl_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_ssh_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_sdf_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_gtp_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_sip_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_smtp_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_dnp3_preproc.so... done
>   Loading dynamic preprocessor library
> /usr/local/lib/snort_dynamicpreprocessor//libsf_modbus_preproc.so... done
>   Finished Loading all dynamic preprocessor libs from
> /usr/local/lib/snort_dynamicpreprocessor/
> Log directory = /var/log/snort
> Normalizer config:
>          ip4: on
>      ip4::df: off
>      ip4::rf: off
>     ip4::tos: off
>    ip4::trim: off
>     ip4::ttl: on (min=1, new=5)
> Normalizer config:
>          tcp: on
>     tcp::ecn: stream
>     tcp::urp: on
>     tcp::opt: off
>     tcp::ips: on
> Normalizer config:
>        icmp4: on
> Normalizer config:
>          ip6: on
>    ip6::hops: on (min=1, new=5)
> Normalizer config:
>        icmp6: on
> Frag3 global config:
>     Max frags: 65536
>     Fragment memory cap: 4194304 bytes
> Frag3 engine config:
>     Bound Address: default
>     Target-based policy: WINDOWS
>     Fragment timeout: 180 seconds
>     Fragment min_ttl:   1
>     Fragment Anomalies: Alert
>     Overlap Limit:     10
>     Min fragment Length:     100
> Stream5 global config:
>     Track TCP sessions: ACTIVE
>     Max TCP sessions: 262144
>     Memcap (for reassembly packet storage): 8388608
>     Track UDP sessions: ACTIVE
>     Max UDP sessions: 131072
>     Track ICMP sessions: INACTIVE
>     Track IP sessions: INACTIVE
>     Log info if session memory consumption exceeds 1048576
>     Send up to 2 active responses
>     Wait at least 5 seconds between responses
>     Protocol Aware Flushing: ACTIVE
>         Maximum Flush Point: 16000
> Stream5 TCP Policy config:
>     Bound Address: default
>     Reassembly Policy: WINDOWS
>     Timeout: 180 seconds
>     Limit on TCP Overlaps: 10
>     Maximum number of bytes to queue per session: 1048576
>     Maximum number of segs to queue per session: 2621
>     Options:
>         Require 3-Way Handshake: YES
>         3-Way Handshake Timeout: 180
>         Detect Anomalies: YES
>     Reassembly Ports:
>       21 client (Footprint-IPS)
>       22 client (Footprint-IPS)
>       23 client (Footprint-IPS)
>       25 client (Footprint-IPS)
>       42 client (Footprint-IPS)
>       53 client (Footprint-IPS)
>       79 client (Footprint-IPS)
>       80 client (Footprint-IPS) server (Footprint-IPS)
>       81 client (Footprint-IPS) server (Footprint-IPS)
>       109 client (Footprint-IPS)
>       110 client (Footprint-IPS)
>       111 client (Footprint-IPS)
>       113 client (Footprint-IPS)
>       119 client (Footprint-IPS)
>       135 client (Footprint-IPS)
>       136 client (Footprint-IPS)
>       137 client (Footprint-IPS)
>       139 client (Footprint-IPS)
>       143 client (Footprint-IPS)
>       161 client (Footprint-IPS)
>       additional ports configured but not printed.
> Stream5 UDP Policy config:
>     Timeout: 180 seconds
> HttpInspect Config:
>     GLOBAL CONFIG
>       Max Pipeline Requests:    0
>       Inspection Type:          STATELESS
>       Detect Proxy Usage:       NO
>       IIS Unicode Map Filename: /usr/local/snort/etc/unicode.map
>       IIS Unicode Map Codepage: 1252
>       Memcap used for logging URI and Hostname: 150994944
>       Max Gzip Memory: 838860
>       Max Gzip Sessions: 6
>       Gzip Compress Depth: 65535
>       Gzip Decompress Depth: 65535
>     DEFAULT SERVER CONFIG:
>       Server profile: All
>       Ports (PAF): 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809
> 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088
> 8118 8123 8180 8181 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371
> 55555
>       Server Flow Depth: 0
>       Client Flow Depth: 0
>       Max Chunk Length: 500000
>       Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
>       Max Header Field Length: 750
>       Max Number Header Fields: 100
>       Max Number of WhiteSpaces allowed with header folding: 0
>       Inspect Pipeline Requests: YES
>       URI Discovery Strict Mode: NO
>       Allow Proxy Usage: NO
>       Disable Alerting: NO
>       Oversize Dir Length: 500
>       Only inspect URI: NO
>       Normalize HTTP Headers: NO
>       Inspect HTTP Cookies: YES
>       Inspect HTTP Responses: YES
>       Extract Gzip from responses: YES
>       Unlimited decompression of gzip data from responses: YES
>       Normalize Javascripts in HTTP Responses: YES
>       Max Number of WhiteSpaces allowed with Javascript Obfuscation in
> HTTP responses: 200
>       Normalize HTTP Cookies: NO
>       Enable XFF and True Client IP: NO
>       Log HTTP URI data: NO
>       Log HTTP Hostname data: NO
>       Extended ASCII code support in URI: NO
>       Ascii: YES alert: NO
>       Double Decoding: YES alert: NO
>       %U Encoding: YES alert: YES
>       Bare Byte: YES alert: NO
>       UTF 8: YES alert: NO
>       IIS Unicode: YES alert: NO
>       Multiple Slash: YES alert: NO
>       IIS Backslash: YES alert: NO
>       Directory Traversal: YES alert: NO
>       Web Root Traversal: YES alert: NO
>       Apache WhiteSpace: YES alert: NO
>       IIS Delimiter: YES alert: NO
>       IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
>       Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06
> 0x07
>       Whitespace Characters: 0x09 0x0b 0x0c 0x0d
> rpc_decode arguments:
>     Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776
> 32777 32778 32779
>     alert_fragments: INACTIVE
>     alert_large_fragments: INACTIVE
>     alert_incomplete: INACTIVE
>     alert_multiple_requests: INACTIVE
> FTPTelnet Config:
>     GLOBAL CONFIG
>       Inspection Type: stateful
>       Check for Encrypted Traffic: YES alert: NO
>       Continue to check encrypted data: YES
>     TELNET CONFIG:
>       Ports: 23
>       Are You There Threshold: 20
>       Normalize: YES
>       Detect Anomalies: YES
>     FTP CONFIG:
>       FTP Server: default
>         Ports (PAF): 21 2100 3535
>         Check for Telnet Cmds: YES alert: YES
>         Ignore Telnet Cmd Operations: YES alert: YES
>         Identify open data channels: NO
>       FTP Client: default
>         Check for Bounce Attacks: YES alert: YES
>         Check for Telnet Cmds: YES alert: YES
>         Ignore Telnet Cmd Operations: YES alert: YES
>         Max Response Length: 256
> SMTP Config:
>     Ports: 25 465 587 691
>     Inspection Type: Stateful
>     Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN
> EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND
> STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR
> XEXCH50 XGEN XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR CHUNKING X-ADAT
> X-DRCP X-ERCP X-EXCH50
>     Ignore Data: No
>     Ignore TLS Data: No
>     Ignore SMTP Alerts: No
>     Max Command Line Length: 512
>     Max Specific Command Line Length:
>        ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
>        EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
>        ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
>        IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
>        QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
>        SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
>        TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
>        XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
>        XLICENSE:246 X-LINK2STATE:246 XQUE:246 XSTA:246 XTRN:246
>        XUSR:246
>     Max Header Line Length: 1000
>     Max Response Line Length: 512
>     X-Link2State Alert: Yes
>     Drop on X-Link2State Alert: No
>     Alert on commands: None
>     Alert on unknown commands: No
>     SMTP Memcap: 838860
>     MIME Max Mem: 838860
>     Base64 Decoding: Enabled
>     Base64 Decoding Depth: Unlimited
>     Quoted-Printable Decoding: Enabled
>     Quoted-Printable Decoding Depth: Unlimited
>     Unix-to-Unix Decoding: Enabled
>     Unix-to-Unix Decoding Depth: Unlimited
>     7bit/8bit/binary Extraction: Enabled
>     7bit/8bit/binary Extraction Depth: Unlimited
>     Log Attachment filename: Enabled
>     Log MAIL FROM Address: Enabled
>     Log RCPT TO Addresses: Enabled
>     Log Email Headers: Enabled
>     Email Hdrs Log Depth: 1464
> SSH config:
>     Autodetection: ENABLED
>     Challenge-Response Overflow Alert: ENABLED
>     SSH1 CRC32 Alert: ENABLED
>     Server Version String Overflow Alert: ENABLED
>     Protocol Mismatch Alert: ENABLED
>     Bad Message Direction Alert: DISABLED
>     Bad Payload Size Alert: DISABLED
>     Unrecognized Version Alert: DISABLED
>     Max Encrypted Packets: 20
>     Max Server Version String Length: 100
>     MaxClientBytes: 19600 (Default)
>     Ports:
>     22
> DCE/RPC 2 Preprocessor Configuration
>   Global Configuration
>     DCE/RPC Defragmentation: Enabled
>     Memcap: 102400 KB
>     Events: co
>   Server Default Configuration
>     Policy: WinXP
>     Detect ports (PAF)
>       SMB: 139 445
>       TCP: 135
>       UDP: 135
>       RPC over HTTP server: 593
>       RPC over HTTP proxy: None
>     Autodetect ports (PAF)
>       SMB: None
>       TCP: 1025-65535
>       UDP: 1025-65535
>       RPC over HTTP server: 1025-65535
>       RPC over HTTP proxy: None
>     Invalid SMB shares: C$ D$ ADMIN$
>     Maximum SMB command chaining: 3 commands
> DNS config:
>     DNS Client rdata txt Overflow Alert: ACTIVE
>     Obsolete DNS RR Types Alert: INACTIVE
>     Experimental DNS RR Types Alert: INACTIVE
>     Ports: 53
> SSLPP config:
>     Encrypted packets: not inspected
>     Ports:
>       443      465      563      636      989
>       992      993      994      995     7801
>      7802     7900     7901     7902     7903
>      7904     7905     7906     7907     7908
>      7909     7910     7911     7912     7913
>      7914     7915     7916     7917     7918
>      7919     7920
>     Server side data is trusted
> Sensitive Data preprocessor config:
>     Global Alert Threshold: 25
>     Masked Output: DISABLED
> SIP config:
>     Max number of sessions: 40000
>     Max number of dialogs in a session: 4 (Default)
>     Status: ENABLED
>     Ignore media channel: DISABLED
>     Max URI length: 512
>     Max Call ID length: 80
>     Max Request name length: 20 (Default)
>     Max From length: 256 (Default)
>     Max To length: 256 (Default)
>     Max Via length: 1024 (Default)
>     Max Contact length: 512
>     Max Content length: 2048
>     Ports:
>     5060    5061    5600
>     Methods:
>       invite cancel ack bye register options refer subscribe update join
> info message notify benotify do qauth sprack publish service unsubscribe
> prack
> IMAP Config:
>     Ports: 143
>     IMAP Memcap: 838860
>     Base64 Decoding: Enabled
>     Base64 Decoding Depth: Unlimited
>     Quoted-Printable Decoding: Enabled
>     Quoted-Printable Decoding Depth: Unlimited
>     Unix-to-Unix Decoding: Enabled
>     Unix-to-Unix Decoding Depth: Unlimited
>     7bit/8bit/binary Extraction: Enabled
>     7bit/8bit/binary Extraction Depth: Unlimited
> POP Config:
>     Ports: 110
>     POP Memcap: 838860
>     Base64 Decoding: Enabled
>     Base64 Decoding Depth: Unlimited
>     Quoted-Printable Decoding: Enabled
>     Quoted-Printable Decoding Depth: Unlimited
>     Unix-to-Unix Decoding: Enabled
>     Unix-to-Unix Decoding Depth: Unlimited
>     7bit/8bit/binary Extraction: Enabled
>     7bit/8bit/binary Extraction Depth: Unlimited
> Modbus config:
>     Ports:
>     502
> DNP3 config:
>     Memcap: 262144
>     Check Link-Layer CRCs: ENABLED
>     Ports:
>     20000
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> 2901 Snort rules read
>     2901 detection rules
>     0 decoder rules
>     0 preprocessor rules
> 2901 Option Chains linked into 193 Chain Headers
> 0 Dynamic rules
> +++++++++++++++++++++++++++++++++++++++++++++++++++
>
> +-------------------[Rule Port
> Counts]---------------------------------------
> |             tcp     udp    icmp      ip
> |     src    1629      13       0       0
> |     dst    1052      54       0       0
> |     any     129      54      38      34
> |      nc     249      32       4       7
> |     s+d       0       3       0       0
>
> +----------------------------------------------------------------------------
>
>
> +-----------------------[detection-filter-config]------------------------------
> | memory-cap : 1048576 bytes
>
> +-----------------------[detection-filter-rules]-------------------------------
>
> -------------------------------------------------------------------------------
>
>
> +-----------------------[rate-filter-config]-----------------------------------
> | memory-cap : 1048576 bytes
>
> +-----------------------[rate-filter-rules]------------------------------------
> | none
>
> -------------------------------------------------------------------------------
>
>
> +-----------------------[event-filter-config]----------------------------------
> | memory-cap : 1048576 bytes
>
> +-----------------------[event-filter-global]----------------------------------
>
> +-----------------------[event-filter-local]-----------------------------------
> | none
>
> +-----------------------[suppression]------------------------------------------
> | none
>
> -------------------------------------------------------------------------------
> Rule application order:
> activation->dynamic->pass->drop->sdrop->reject->alert->log
> Verifying Preprocessor Configurations!
> ICMP tracking disabled, no ICMP sessions allocated
> IP tracking disabled, no IP sessions allocated
> WARNING: flowbits key 'ABSystemSpy_Inforetrieve1' is set but not ever
> checked.
> WARNING: flowbits key 'file.elf' is checked but not ever set.
> WARNING: flowbits key 'file.wma' is checked but not ever set.
> WARNING: flowbits key 'file.vqf' is checked but not ever set.
> WARNING: flowbits key 'file.pecompact' is checked but not ever set.
> WARNING: flowbits key 'file.flv' is set but not ever checked.
> WARNING: flowbits key 'file.cov' is checked but not ever set.
> WARNING: flowbits key 'file.tiff.big' is set but not ever checked.
> WARNING: flowbits key 'file.addin' is set but not ever checked.
> WARNING: flowbits key 'file.wmp_playlist' is checked but not ever set.
> WARNING: flowbits key 'file.xlw' is set but not ever checked.
> WARNING: flowbits key 'sslv2.server_hello.request' is checked but not ever
> set.
> WARNING: flowbits key 'file.wps' is set but not ever checked.
> WARNING: flowbits key 'file.jarpack' is set but not ever checked.
> WARNING: flowbits key 'starttls.attempt' is set but not ever checked.
> WARNING: flowbits key 'file.emf' is checked but not ever set.
> WARNING: flowbits key 'file.maki' is checked but not ever set.
> WARNING: flowbits key 'asp.upload' is checked but not ever set.
> 112 out of 1024 flowbits in use.
>
> [ Port Based Pattern Matching Memory ]
> +- [ Aho-Corasick Summary ] -------------------------------------
> | Storage Format    : Full-Q
> | Finite Automaton  : DFA
> | Alphabet Size     : 256 Chars
> | Sizeof State      : Variable (1,2,4 bytes)
> | Instances         : 153
> |     1 byte states : 143
> |     2 byte states : 10
> |     4 byte states : 0
> | Characters        : 55827
> | States            : 45231
> | Transitions       : 4820675
> | State Density     : 41.6%
> | Patterns          : 3018
> | Match States      : 2892
> | Memory (MB)       : 23.08
> |   Patterns        : 0.34
> |   Match Lists     : 0.68
> |   DFA
> |     1 byte states : 0.83
> |     2 byte states : 20.96
> |     4 byte states : 0.00
> +----------------------------------------------------------------
> [ Number of patterns truncated to 20 bytes: 537 ]
> ERROR: pcap DAQ does not support inline.
> Fatal Error, Quitting..
>
>
> Can you tell me what can I do?   Thank you so much
>
>
> Jaime
>
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120608/76ad5ea9/attachment.html>


More information about the Snort-users mailing list