[Snort-users] (no subject)

Ashraf Ali ashrafali.ibs at ...11827...
Thu Apr 18 00:28:32 EDT 2013


Hi All,

I am new to IDS/Linux , So could any body pls explain me in a bit detail ,
on how to configure the barnyard2/snortsam to block a Pix firewall if some
alert triggers,


Regards,
Ashraf





On Wed, Apr 17, 2013 at 10:19 PM, waldo kitty <wkitty42 at ...14940...>wrote:

> On 4/17/2013 01:55, Prathibha P G wrote:
> > rpc_decode arguments:
> >      Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775
> 32776 32777
> > 32778 32779
> >      alert_fragments: INACTIVE
> >      alert_large_fragments: INACTIVE
> >      alert_incomplete: INACTIVE
> >      alert_multiple_requests: INACTIVE
> > *** buffer overflow detected ***: snort terminated
>
> if all snorts load the modules in the same order, then the next one would
> be
> FTPTelnet Config:...
>
> but we need to see your snort.conf to see what settings you have in
> there... i
> suspect you have too small a buffer defined somewhere...
>
> is this a prebuilt binary or is it one you built yourself? we can see that
> it is
> snort v2.9.1 but not what OS... it looks like one of the *nixes based on
> the
> prompt...
>
> --
> NOTE: No off-list assistance is given without prior approval.
>        Please keep mailing list traffic on the list unless
>        private contact is specifically requested and granted.
>
>
> ------------------------------------------------------------------------------
> Precog is a next-generation analytics platform capable of advanced
> analytics on semi-structured data. The platform includes APIs for building
> apps and a phenomenal toolset for data science. Developers can use
> our toolset for easy data analysis & visualization. Get a free account!
> http://www2.precog.com/precogplatform/slashdotnewsletter
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130418/59f61b86/attachment.html>


More information about the Snort-users mailing list