[Snort-users] Snort UDP traffic in loopback interface

Joel Esler (jesler) jesler at ...589...
Fri Dec 13 12:06:33 EST 2013

Looks like your sid-msg.map needs to be updated (pulledpork will build this for you) to include your custom rule, and barnyard needs to be reading this updated sid-msg.map.

Joel Esler
Intelligence Lead
OpenSource Manager
Vulnerability Research Team
Jabber: jesler at ...589...<mailto:jesler at ...589...>

On Dec 13, 2013, at 10:41 AM, Максим Завилов <zavilov_max at ...1975...<mailto:zavilov_max at ...1975...>> wrote:

Hi  all!!!

Please tell me why snort  displays  "Snort Alert"  instead msg: "DOS attack" for example (as specified in Rule)
For example:
12/12-14: 10:31.185469 [**] [1:100000160:2] Snort Alert [1:100000160:0] [**] [Classification: Attempted Denial of Service] [Priority: 2] {TCP} 213.180 .204.183:80 ->

and one more question:
I run snort in inline mode with the following parameters { /snort –Q --daq nfq –daq-var queue=1 -l /var/log/snort –c /etc/snort/snort.conf –v }
rule for iptables the following: iptables -A PREROUTING -t mangle -i eth0 -j NFQUEUE --queue-num 1
how to do so to Snort droped packets? replacement  alert -> drop in rules did not help me ....what am I doing wrong?
Any can help me? I will be very grateful to you.


Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20131213/57d82ac6/attachment.html>

More information about the Snort-users mailing list