[Snort-users] I am a newbie

Fabien Delmotte fdelmotte1 at ...3027...
Fri Jan 3 11:04:35 EST 2014


Hello Waldo,

I am updating my snort (I am under Debian and it seems that the package is old).

> what is the problem? all you've written are statements about what you did but 
> nothing about what you expect to see or what you are seeing...


I would like to see a log.

Regards

Fabien

On 3 Jan 2014, at 16:06, waldo kitty <wkitty42 at ...14940...> wrote:

> On 1/3/2014 5:36 AM, Fabien Delmotte wrote:
>> Hello
>> 
>> I am using snort 2.9.2.2
> 
> that's really old and is no longer supported...
> 
> http://blog.snort.org/2012/08/snort-2922-is-end-of-life.html
> 
> 
>> I am trying to set up a rule for UDP flow
>> # DOS-UDP Flooding Attack RULE
>> #alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"UDP_Flood Attack!!!!!";
>> threshold:type threshold, track by_src, count 3, seconds 20; sid:1000001; rev:1;)
>> 
>> alert udp any any -> any any (msg:"UDP_Flood Attack!!!!!";sid:1000001;)
> 
> you should put a revision number on all your rules... increment any time the 
> rule gets a major update to its detection functionality...
> 
>> #alert icmp any any -> anyT any (msg:"ICMP testing"; sid:10000001;)
>> 
>> I am sending UDP packets (I did a TCPDUMP)
>> 
>> I also removed all the rules in the snort.conf file; I just left my rule :)
>> 
>> Any comment ?
> 
> what is the problem? all you've written are statements about what you did but 
> nothing about what you expect to see or what you are seeing...
> 
> -- 
> NOTE: No off-list assistance is given without prior approval.
>       Please keep mailing list traffic on the list unless
>       private contact is specifically requested and granted.
> 

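The advice above about putting a revision number on every rule can be checked mechanically. The following is an added example, not part of the original thread or of Snort itself: a small Python lint that parses Snort 2.x-style rule lines and reports enabled rules lacking `sid` or `rev`. The function names are hypothetical and the sample input is constructed from the two rules quoted in the thread.

```python
import re

# Constructed sample: the two UDP rules quoted in the thread, as they would sit in a rules file.
SAMPLE_RULES = '''\
#alert udp $EXTERNAL_NET any -> $HOME_NET any (msg:"UDP_Flood Attack!!!!!"; threshold:type threshold, track by_src, count 3, seconds 20; sid:1000001; rev:1;)
alert udp any any -> any any (msg:"UDP_Flood Attack!!!!!";sid:1000001;)
'''

# Optional leading '#' (disabled rule), then action + header, then the option body in parentheses.
RULE_RE = re.compile(r'^(?P<off>#\s*)?(?P<header>(?:alert|log|pass|drop|reject|sdrop)\s[^(]+)'
                     r'\((?P<opts>.*)\)\s*$')

def split_options(body):
    """Split the option body on ';', ignoring ';' inside quotes or after a backslash."""
    opts, cur, in_quote, escaped = [], [], False, False
    for ch in body:
        if escaped:
            escaped = False
        elif ch == '\\':
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
        elif ch == ';' and not in_quote:
            if ''.join(cur).strip():
                opts.append(''.join(cur).strip())
            cur = []
            continue
        cur.append(ch)
    return opts

def parse_rule(line):
    """Return a dict for a rule line, or None for anything that is not a rule."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    options = {}
    for opt in split_options(m.group('opts')):
        key, _, value = opt.partition(':')
        options[key.strip()] = value.strip()
    return {'enabled': m.group('off') is None,
            'header': m.group('header').strip(), 'options': options}

def lint(text):
    """List (line_number, finding) for enabled rules that lack sid or rev."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule and rule['enabled']:
            findings += [(n, 'missing ' + k) for k in ('sid', 'rev') if k not in rule['options']]
    return findings
```

Run over the sample, `lint(SAMPLE_RULES)` flags only the active rule on line 2, which has a `sid` but no `rev`; the commented-out rule is parsed but skipped.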