[Snort-users] Snorby Snort or Barnyard scrambles IPs

Alex Aune lists at ...16762...
Tue Apr 1 03:08:13 EDT 2014


Barnyard2 has an option to obfuscate IPs. I've never tried it so I'm not 
certain it'll use the X's seen below.

See "config obfuscate"

Alex

On 31.03.2014 08:57, Ilja Schumacher wrote:
> Hey fellows,
> 
> I have just finished setting up snort barnyard mysql pulledpork and
> snorby in an ARM5 box.
> 
> Everything works very nice except that snorby shows totally scrambled
> IPs for source and destination.
> 
> Example:
>  Real source 82.56.35.23
>  Real destination 192.168.1.13
> 
> Snorby shows:
>  Source 82.56.XX1.13
>  Destination 192.168.X35.23
> 
> X is 1 most of the time.
> 
> Setup is:
>  Internet. Firewall/NAT. LanportMirror. Snort.
> 
> Do you have a clue what may cause such strange behaviour?
> 
> Cheers
>  Ilja