No subject


Thu Nov 23 16:36:19 EST 2017


output from the minimized snort window.  I can't quite figure out what is
wrong.  Another set of eyes looking at this is what I am hoping someone will
do and see a problem.

TIA for your help 

Rich 
PS Sorry it is a long post, but I did not want to do an attachment. 

[Begin config] 
[************cmd line*********] 
c:\snort\Snort.exe -c "c:\snort\snort.conf" -l "c:\snort\log" -h aaa.bbb.ccc.ddd/32 -i 1 -a -b -C -d -e -O -X -I -G basic -U -y

[*NOTE, yes I blanked out my IP above.  It is a public IP*] 

 

[***********snort.conf**************] 
#-------------------------------------------------- 
#   http://www.activeworx.com  Snort 1.8.6 Ruleset
#     IDS Policy Manager Version: 1.3 Build(31) 
# Current Database Updated -- May 10, 2002 10:55 AM 
#-------------------------------------------------- 
# 
## Variables 
## --------- 
#var HOME_NET 10.1.1.0/24 
#var HOME_NET $eth0_ADDRESS 
#var HOME_NET [10.1.1.0/24,192.168.1.0/24] 
var HOME_NET any 
var EXTERNAL_NET any 
var SMTP $HOME_NET 
var HTTP_SERVERS $HOME_NET 
var SQL_SERVERS $HOME_NET 
var DNS_SERVERS $HOME_NET 
#var RULE_PATH ./ 
var RULE_PATH c:\snort\rules 
var SHELLCODE_PORTS !80 
#var SPADEDIR . 
# 
## Preprocessor Support 
## -------------------- 
preprocessor http_decode: 80 -cginull -unicode 
preprocessor rpc_decode: 111 32771 
preprocessor bo: 
preprocessor stream4: detect_scans 
preprocessor stream4_reassemble 
preprocessor portscan: $HOME_NET 4 3 portscan.log 
#preprocessor portscan-ignorehosts: 0.0.0.0 
preprocessor frag2 
preprocessor telnet_decode 
# 
# 
## Output Modules 
## -------------- 
#output database: log, unixodbc, dbname=snort user=snort host=localhost password=test
output CSV: log default 
output log_tcpdump: snorttcp.log 
#output xml: Log, file=/var/log/snortxml 
output log_unified: filename snort.log, limit 128 
# 
#output alert_syslog: LOG_AUTH LOG_ALERT 
#output alert_unified: filename snort.alert, limit 128 
#output trap_snmp: alert, 7, inform -v 3 -p 162 -l authPriv -u snortUser -x DES -X "" -a SHA -A "" myTrapListener
# 
## Custom Rules 
## ------------ 
ruletype suspicious 
{ 
 type log 
 output log_tcpdump: suspicious.log 
} 
ruletype redalert 
{ 
 type alert 
 output alert_syslog: LOG_AUTH LOG_ALERT 
# output database: log, mysql, user=snort dbname=snort host=localhost 
} 
#ruletype <New_Custom_Rules> 
#{ 
#} 
# 
## Include Files 
## ------------- 
include classification.config 
# 
include $RULE_PATH/bad-traffic.rules 
include $RULE_PATH/exploit.rules 
include $RULE_PATH/scan.rules 
include $RULE_PATH/finger.rules 
include $RULE_PATH/ftp.rules 
include $RULE_PATH/telnet.rules 
include $RULE_PATH/smtp.rules 
include $RULE_PATH/rpc.rules 
include $RULE_PATH/rservices.rules 
include $RULE_PATH/dos.rules 
include $RULE_PATH/ddos.rules 
include $RULE_PATH/dns.rules 
include $RULE_PATH/tftp.rules 
include $RULE_PATH/web-cgi.rules 
include $RULE_PATH/web-coldfusion.rules 
include $RULE_PATH/web-iis.rules 
include $RULE_PATH/web-frontpage.rules 
include $RULE_PATH/web-misc.rules 
include $RULE_PATH/web-attacks.rules 
include $RULE_PATH/sql.rules 
include $RULE_PATH/x11.rules 
include $RULE_PATH/icmp.rules 
include $RULE_PATH/netbios.rules 
include $RULE_PATH/misc.rules 
include $RULE_PATH/attack-responses.rules 
include $RULE_PATH/backdoor.rules 
include $RULE_PATH/shellcode.rules 
include $RULE_PATH/policy.rules 
include $RULE_PATH/porn.rules 
include $RULE_PATH/info.rules 
include $RULE_PATH/icmp-info.rules 
include $RULE_PATH/virus.rules 
#include $RULE_PATH/experimental.rules 
include $RULE_PATH/local.rules 

 

{*********Snort Screen*************} 

Log directory = c:\snort\log 

Initializing Network Interface \ 

        --== Initializing Snort ==-- 
Decoding Ethernet on interface \Device\Packet_NdisWanIp 
Initializing Preprocessors! 
Initializing Plug-ins! 
Initializating Output Plugins! 
Parsing Rules file c:\snort\snort.conf 

+++++++++++++++++++++++++++++++++++++++++++++++++++ 
Initializing rule chains... 
Stream4 config: 
    Stateful inspection: ACTIVE 
    Session statistics: INACTIVE 
    Session timeout: 30 seconds 
    Session memory cap: 8388608 bytes 
    State alerts: INACTIVE 
    Scan alerts: ACTIVE 
    Log Flushed Streams: INACTIVE 
No arguments to stream4_reassemble, setting defaults: 
     Reassemble client: ACTIVE 
     Reassemble server: INACTIVE 
     Reassemble ports: 21 23 25 53 80 143 110 111 513 
     Reassembly alerts: ACTIVE 
     Reassembly method: FAVOR_OLD 
Using GMT time 
No arguments to frag2 directive, setting defaults to: 
    Fragment timeout: 60 seconds 
    Fragment memory cap: 4194304 bytes 
ProcessFileOption: c:\snort\log/log 
WARNING: command line overrides rules file logging plugin! 
WARNING: command line overrides rules file logging plugin! 
WARNING: command line overrides rules file logging plugin! 
980 Snort rules read... 
980 Option Chains linked into 100 Chain Headers 
0 Dynamic rules 
+++++++++++++++++++++++++++++++++++++++++++++++++++ 

Rule application order: ->activation->dynamic->alert->pass->log->suspicious->redalert

        --== Initialization Complete ==-- 

-*> Snort! <*- 
Version 1.8-WIN32 (Build 103) 
By Martin Roesch (roesch at ...1935..., www.snort.org) 
1.7-WIN32 Port By Michael Davis (mike at ...92..., www.datanerds.net/~mike)
1.8-WIN32 Port By Chris Reid (chris.reid at ...3029...) 
          (based on code from 1.7 port) 

[End config] 
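
A quick way to triage a startup transcript like the one above, as an added example (not part of the original post and not Snort's own code): it reads the active `output` directives from snort.conf text and the console banner, then reports the capture interface, the rule count, and how many logging plugins the command line overrode. The function names are hypothetical and the sample inputs are trimmed copies of lines quoted in this post.

```python
import re

# Constructed sample inputs: trimmed copies of the snort.conf and console
# output quoted in this post (not a complete configuration).
SAMPLE_CONF = r"""
var HOME_NET any
var RULE_PATH c:\snort\rules
#output database: log, unixodbc, dbname=snort user=snort host=localhost password=test
output CSV: log default
output log_tcpdump: snorttcp.log
output log_unified: filename snort.log, limit 128
#output alert_syslog: LOG_AUTH LOG_ALERT
ruletype suspicious
{
 type log
 output log_tcpdump: suspicious.log
}
ruletype redalert
{
 type alert
 output alert_syslog: LOG_AUTH LOG_ALERT
}
include $RULE_PATH/local.rules
"""

SAMPLE_BANNER = r"""
Decoding Ethernet on interface \Device\Packet_NdisWanIp
WARNING: command line overrides rules file logging plugin!
WARNING: command line overrides rules file logging plugin!
WARNING: command line overrides rules file logging plugin!
980 Snort rules read...
980 Option Chains linked into 100 Chain Headers
"""

OVERRIDE_MSG = "WARNING: command line overrides rules file logging plugin!"


def parse_outputs(conf_text):
    """Return (global_outputs, ruletype_outputs) for uncommented 'output' lines."""
    global_outputs, ruletype_outputs = [], {}
    current = None  # name of the ruletype block being read, if any
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        block = re.match(r"ruletype\s+([^\s{]+)", line)
        if block:
            current = block.group(1)
            ruletype_outputs[current] = []
            continue
        if line == "}":
            current = None
            continue
        out = re.match(r"output\s+(\w+)\s*:?\s*(.*)", line)
        if out:
            entry = (out.group(1), out.group(2).strip())
            if current is not None:
                ruletype_outputs[current].append(entry)
            else:
                global_outputs.append(entry)
    return global_outputs, ruletype_outputs


def parse_banner(banner_text):
    """Extract the fields of the startup banner that matter for 'no alerts'."""
    iface = re.search(r"^Decoding \w+ on interface (\S+)", banner_text, re.M)
    rules = re.search(r"^(\d+) Snort rules read", banner_text, re.M)
    overrides = sum(1 for l in banner_text.splitlines() if l.strip() == OVERRIDE_MSG)
    return {
        "interface": iface.group(1) if iface else None,
        "rules_read": int(rules.group(1)) if rules else None,
        "override_warnings": overrides,
    }


def triage(conf_text, banner_text):
    """Return a list of human-readable findings; empty means nothing flagged."""
    global_outputs, _ruletype_outputs = parse_outputs(conf_text)
    banner = parse_banner(banner_text)
    findings = []
    if banner["override_warnings"]:
        names = ", ".join(name for name, _args in global_outputs) or "none"
        findings.append(
            "%d override warning(s): command-line logging options take precedence "
            "over rules-file logging plugins (global output directives in the "
            "conf: %s)" % (banner["override_warnings"], names)
        )
    # Heuristic (assumption of this example): an NdisWan name is the Windows
    # WAN miniport, not the Ethernet NIC plugged into the hub.
    if "ndiswan" in (banner["interface"] or "").lower():
        findings.append(
            "capture interface is %s; confirm that -i selects the Ethernet "
            "adapter on the monitored segment" % banner["interface"]
        )
    if banner["rules_read"] == 0:
        findings.append("no rules were loaded; check RULE_PATH and the include lines")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_CONF, SAMPLE_BANNER):
        print("-", finding)
```
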



<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>SNORT newbie looking for some help with Snort on Win2k</TITLE>

</HEAD>
<BODY lang=EN-US vLink=blue link=blue>
<DIV><SPAN class=838180316-16052002><FONT face=Arial color=#0000ff size=2>Hi 
all.  Is there a defined time-out period for snort.  I leave it 
running when I leave for the evening and by the time I come back in the morning 
it has exited.  All I can see in the logs is that the interface has left 
promiscuous mode.  </FONT></SPAN></DIV>
<DIV><SPAN class=838180316-16052002><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=838180316-16052002><FONT face=Arial color=#0000ff size=2>Any 
ideas?  All suggestions and helpful comments are greatly 
appreciated.</FONT></SPAN></DIV>
<DIV><SPAN class=838180316-16052002><FONT face=Arial color=#0000ff 
size=2></FONT></SPAN> </DIV>
<DIV><SPAN class=838180316-16052002><FONT face=Arial color=#0000ff 
size=2>Steve</FONT></SPAN></DIV>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
  <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma 
  size=2>-----Original Message-----<BR><B>From:</B> Michael Steele 
  [mailto:michaels at ...155...]<BR><B>Sent:</B> Thursday, May 16, 2002 
  10:58 AM<BR><B>To:</B> 'Richard Roy'; 
  snort-users at lists.sourceforge.net<BR><B>Subject:</B> RE: [Snort-users] SNORT 
  newbie looking for some help with Snort on Win2k<BR><BR></FONT></DIV>
  <DIV class=Section1>
  <P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Richard,</SPAN></FONT></P>
  <P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
  <P class=MsoNormal><FONT face=Arial color=navy size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Sounds like you have 
  the permissions set incorrectly for the CGI folder. Make sure that the IUSER 
  has full access to the folder. If you need some guidance then you can go to 
  our site, there you will find a complete walk through for Windows and either 
  Snortsnarf or for Acid as your viewer. Let me know how things 
  go.</SPAN></FONT></P>
  <DIV>
  <P><FONT face="Times New Roman" color=navy size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: navy">Michael Steele | Support 
  Technician    <BR><A 
  href="mailto:michaels at ...155...">mailto:michaels at ...155...</A><BR>Silicon 
  Defense: IDS solutions - <A 
  href="http://www.silicondefense.com">http://www.silicondefense.com</A><BR>Snort: 
  Open Source Network IDS - <A 
  href="http://www.snort.org">http://www.snort.org</A></SPAN></FONT></P></DIV>
  <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Tahoma size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">-----Original 
  Message-----<BR><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Richard 
  Roy [mailto:royr at ...5882...] <BR><B><SPAN 
  style="FONT-WEIGHT: bold">Sent:</SPAN></B> </SPAN></FONT><FONT face=Tahoma 
  size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">May 16, 
  2002</SPAN></FONT><FONT face=Tahoma size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> </SPAN></FONT><FONT face=Tahoma 
  size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">7:16 
  AM</SPAN></FONT><FONT face=Tahoma size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"><BR><B><SPAN 
  style="FONT-WEIGHT: bold">To:</SPAN></B> 'Michael Steele'<BR><B><SPAN 
  style="FONT-WEIGHT: bold">Subject:</SPAN></B> RE: [Snort-users] SNORT newbie 
  looking for some help with Snort on Win2k</SPAN></FONT></P>
  <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face="Times New Roman" 
  size=3><SPAN style="FONT-SIZE: 12pt"></SPAN></FONT> </P>
  <DIV>
  <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial color=blue 
  size=2><SPAN style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: Arial">I've 
  definitely got it logging now, without IDS center.  I have it logging to 
  MySQL (there were 15 events at last check) but now I can not get ACID to work 
  at all.  I get a CGI error that "</SPAN></FONT><FONT color=black><SPAN 
  style="COLOR: black">The specified CGI application misbehaved by not returning 
  a complete set of HTTP headers. The headers it did return are"   But 
  that is it, no headers are there.  It is supposed to be using PHP and the 
  .cgi is mapped the same as .php which didn't help.  Any thoughts?  
  </SPAN></FONT></P></DIV>
  <DIV>
  <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Tahoma size=3><SPAN 
  style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma"><BR></SPAN></FONT><FONT 
  face=Arial color=blue size=2><SPAN 
  style="FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: Arial">[Rich 
  Roy] </SPAN></FONT></P></DIV>
  <DIV>
  <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Tahoma size=3><SPAN 
  style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma"></SPAN></FONT> </P></DIV>
  <DIV>
  <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Tahoma size=3><SPAN 
  style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma"></SPAN></FONT> </P></DIV>
  <DIV>
  <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Tahoma size=3><SPAN 
  style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma"></SPAN></FONT> </P></DIV>
  <DIV>
  <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Tahoma size=3><SPAN 
  style="FONT-SIZE: 12pt; FONT-FAMILY: Tahoma"></SPAN></FONT> </P></DIV>
  <DIV>
  <P class=MsoNormal 
  style="MARGIN-BOTTOM: 12pt; MARGIN-LEFT: 0.5in; MARGIN-RIGHT: 0in"><FONT 
  face=Tahoma size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> -----Original 
  Message-----<BR><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Michael 
  Steele [mailto:michaels at ...155...]<BR><B><SPAN 
  style="FONT-WEIGHT: bold">Sent:</SPAN></B> </SPAN></FONT><FONT face=Tahoma 
  size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">Wednesday, May 15, 
  2002</SPAN></FONT><FONT face=Tahoma size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> </SPAN></FONT><FONT face=Tahoma 
  size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">5:29 
  PM</SPAN></FONT><FONT face=Tahoma size=2><SPAN 
  style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"><BR><B><SPAN 
  style="FONT-WEIGHT: bold">To:</SPAN></B> 'Richard Roy'<BR><B><SPAN 
  style="FONT-WEIGHT: bold">Subject:</SPAN></B> RE: [Snort-users] SNORT newbie 
  looking for some help with Snort on Win2k</SPAN></FONT></P></DIV>
  <BLOCKQUOTE style="MARGIN-TOP: 5pt; MARGIN-BOTTOM: 5pt; MARGIN-RIGHT: 0in">
    <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial color=navy 
    size=2><SPAN 
    style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">Richard,</SPAN></FONT></P>
    <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial color=navy 
    size=2><SPAN 
    style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
    <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial color=navy 
    size=2><SPAN style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">If you 
    are not sure you're logging, you can place this rule in your local.rules file 
    and activate the local.rules file in the snort.conf file. Now generate some 
    traffic with your browser and you should see your log file 
    grow.</SPAN></FONT></P>
    <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial color=navy 
    size=2><SPAN 
    style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
    <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial color=navy 
    size=2><SPAN 
    style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
    <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial color=navy 
    size=2><SPAN style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">alert 
    tcp any any <> any any (msg:"alert-local test";)</SPAN></FONT></P>
    <P class=MsoNormal style="MARGIN-LEFT: 0.5in"><FONT face=Arial color=navy 
    size=2><SPAN 
    style="FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial"></SPAN></FONT> </P>
    <DIV>
    <P style="MARGIN-BOTTOM: 12pt; MARGIN-LEFT: 0.5in; MARGIN-RIGHT: 0in"><FONT 
    face="Times New Roman" color=navy size=2><SPAN 
    style="FONT-SIZE: 10pt; COLOR: navy">Michael Steele | Support 
    Technician<BR><A 
    href="mailto:michaels at ...155...">mailto:michaels at ...155...</A><BR>Silicon 
    Defense: IDS solutions - <A 
    href="http://www.silicondefense.com">http://www.silicondefense.com</A><BR>Snort: 
    Open Source Network IDS - <A 
    href="http://www.snort.org">http://www.snort.org</A></SPAN></FONT></P></DIV>
    <P class=MsoNormal style="MARGIN-LEFT: 1in"><FONT face=Tahoma size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">-----Original 
    Message-----<BR><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> 
    snort-users-admin at lists.sourceforge.net 
    [mailto:snort-users-admin at lists.sourceforge.net] <B><SPAN 
    style="FONT-WEIGHT: bold">On Behalf Of </SPAN></B>Richard Roy<BR><B><SPAN 
    style="FONT-WEIGHT: bold">Sent:</SPAN></B> </SPAN></FONT><FONT face=Tahoma 
    size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">Wednesday, May 15, 
    2002</SPAN></FONT><FONT face=Tahoma size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"> </SPAN></FONT><FONT 
    face=Tahoma size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">7:50 
    AM</SPAN></FONT><FONT face=Tahoma size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"><BR><B><SPAN 
    style="FONT-WEIGHT: bold">To:</SPAN></B> </SPAN></FONT><FONT face=Tahoma 
    size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma">snort-users at lists.sourceforge.net</SPAN></FONT><FONT 
    face=Tahoma size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Tahoma"><BR><B><SPAN 
    style="FONT-WEIGHT: bold">Subject:</SPAN></B> [Snort-users] SNORT newbie 
    looking for some help with Snort on Win2k</SPAN></FONT></P>
    <P class=MsoNormal style="MARGIN-LEFT: 1in"><FONT face="Times New Roman" 
    size=3><SPAN style="FONT-SIZE: 12pt"></SPAN></FONT> </P>
    <P style="MARGIN-LEFT: 1in"><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">I set up SNORT using IDSCentre 
    and tested the config using the applet.  I received no error messages, 
    the SNORT window is minimized and things appear to work, yet there are no 
    alerts, no log entries, nothing.  I know we are under hits all the 
    time, my firewall reports blocking them.  </SPAN></FONT></P>
    <P style="MARGIN-LEFT: 1in"><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Setup:</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">W2K Pro 
    p3 733.  On a hub with router and firewall external interface.  I 
    have 64 public IP's and I'd like to scan the range if possible.  I am 
    including the following.   </SPAN></FONT></P>
    <P style="MARGIN-LEFT: 1in"><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">From IDSCentre the command line 
    it fires, the snort.conf file and the screen output from the minimized snort 
    window.  I can't quite figure out what is wrong.  Another set of 
    eyes looking at this is what I am hoping someone will do and see a 
    problem.</SPAN></FONT></P>
    <P style="MARGIN-LEFT: 1in"><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">TIA for your help</SPAN></FONT> 
    </P>
    <P style="MARGIN-LEFT: 1in"><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">Rich</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">PS Sorry 
    it is a long post, but I did not want to do an attachment.</SPAN></FONT> 
</P>
    <P style="MARGIN-LEFT: 1in"><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">[Begin config]</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">[************cmd 
    line*********]</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">c:\snort\Snort.exe -c 
    "c:\snort\snort.conf" -l "c:\snort\log" -h aaa.bbb.ccc.ddd/32 -i 1 -a -b -C 
    -d -e -O -X -I -G basic -U -y</SPAN></FONT></P>
    <P style="MARGIN-LEFT: 1in"><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">[*NOTE, yes I blanked out my IP 
    above.  It is a public IP*]</SPAN></FONT> </P>
    <P class=MsoNormal style="MARGIN-LEFT: 1in"><FONT face="Times New Roman" 
    size=3><SPAN style="FONT-SIZE: 12pt"></SPAN></FONT> </P>
    <P style="MARGIN-LEFT: 1in"><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">[***********snort.conf**************]</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#--------------------------------------------------</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#   <A 
    href="http://www.activeworx.com" target=_blank>http://www.activeworx.com</A> 
    Snort 1.8.6 Ruleset</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#     IDS 
    Policy Manager Version: 1.3 Build(31)</SPAN></FONT> <BR><FONT face=Arial 
    size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"># Current Database 
    Updated -- May 10, 2002 10:55 AM</SPAN></FONT> <BR><FONT face=Arial 
    size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#--------------------------------------------------</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">## 
    Variables</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">## ---------</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#var HOME_NET 
    10.1.1.0/24</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#var HOME_NET 
    $eth0_ADDRESS</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#var HOME_NET 
    [10.1.1.0/24,192.168.1.0/24]</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">var HOME_NET any</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">var EXTERNAL_NET 
    any</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">var SMTP $HOME_NET</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">var HTTP_SERVERS 
    $HOME_NET</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">var SQL_SERVERS 
    $HOME_NET</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">var DNS_SERVERS 
    $HOME_NET</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#var RULE_PATH ./</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">var RULE_PATH 
    c:\snort\rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">var SHELLCODE_PORTS 
    !80</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#var SPADEDIR .</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">## 
    Preprocessor Support</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">## 
    --------------------</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">preprocessor http_decode: 80 
    -cginull -unicode</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">preprocessor rpc_decode: 111 
    32771</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">preprocessor bo:</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">preprocessor stream4: 
    detect_scans</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">preprocessor 
    stream4_reassemble</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">preprocessor portscan: $HOME_NET 
    4 3 portscan.log</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#preprocessor 
    portscan-ignorehosts: 0.0.0.0</SPAN></FONT> <BR><FONT face=Arial 
    size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">preprocessor 
    frag2</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">preprocessor 
    telnet_decode</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">## 
    Output Modules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">## --------------</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#output database: log, unixodbc, 
    dbname=snort user=snort host=localhost password=test</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">output 
    CSV: log default</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">output log_tcpdump: 
    snorttcp.log</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#output xml: Log, 
    file=/var/log/snortxml</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">output log_unified: filename 
    snort.log, limit 128</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#output 
    alert_syslog: LOG_AUTH LOG_ALERT</SPAN></FONT> <BR><FONT face=Arial 
    size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#output 
    alert_unified: filename snort.alert, limit 128</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#output 
    trap_snmp: alert, 7, inform -v 3 -p 162 -l authPriv -u snortUser -x DES -X 
    "" -a SHA -A "" myTrapListener</SPAN></FONT> <BR><FONT face=Arial 
    size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">## Custom Rules</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">## ------------</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">ruletype 
    suspicious</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">{</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> type log</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> output log_tcpdump: 
    suspicious.log</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">}</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">ruletype 
    redalert</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">{</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> type alert</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"> output alert_syslog: 
    LOG_AUTH LOG_ALERT</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial"># output database: log, mysql, 
    user=snort dbname=snort host=localhost</SPAN></FONT> <BR><FONT face=Arial 
    size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">}</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#ruletype 
    <New_Custom_Rules></SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#{</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#}</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">## 
    Include Files</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">## -------------</SPAN></FONT> 
    <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    classification.config</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">#</SPAN></FONT> <BR><FONT 
    face=Arial size=2><SPAN style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/bad-traffic.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/exploit.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/scan.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/finger.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/ftp.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/telnet.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/smtp.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/rpc.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/rservices.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/dos.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/ddos.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/dns.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/tftp.rules</SPAN></FONT> <BR><FONT face=Arial size=2><SPAN 
    style="FONT-SIZE: 10pt; FONT-FAMILY: Arial">include 
    $RULE_PATH/web-cgi.rules</SPAN></FONT> <BR>
    include $RULE_PATH/web-coldfusion.rules <BR>
    include $RULE_PATH/web-iis.rules <BR>
    include $RULE_PATH/web-frontpage.rules <BR>
    include $RULE_PATH/web-misc.rules <BR>
    include $RULE_PATH/web-attacks.rules <BR>
    include $RULE_PATH/sql.rules <BR>
    include $RULE_PATH/x11.rules <BR>
    include $RULE_PATH/icmp.rules <BR>
    include $RULE_PATH/netbios.rules <BR>
    include $RULE_PATH/misc.rules <BR>
    include $RULE_PATH/attack-responses.rules <BR>
    include $RULE_PATH/backdoor.rules <BR>
    include $RULE_PATH/shellcode.rules <BR>
    include $RULE_PATH/policy.rules <BR>
    include $RULE_PATH/porn.rules <BR>
    include $RULE_PATH/info.rules <BR>
    include $RULE_PATH/icmp-info.rules <BR>
    include $RULE_PATH/virus.rules <BR>
    #include $RULE_PATH/experimental.rules <BR>
    include $RULE_PATH/local.rules </P>
    <P style="MARGIN-LEFT: 1in">{*********Snort Screen*************}</P>
    <P style="MARGIN-LEFT: 1in">Log directory = c:\snort\log</P>
    <P style="MARGIN-LEFT: 1in">Initializing Network Interface \</P>
    <P style="MARGIN-LEFT: 1in">        --== Initializing Snort ==-- <BR>
    Decoding Ethernet on interface \Device\Packet_NdisWanIp <BR>
    Initializing Preprocessors! <BR>
    Initializing Plug-ins! <BR>
    Initializating Output Plugins! <BR>
    Parsing Rules file c:\snort\snort.conf</P>
    <P style="MARGIN-LEFT: 1in">+++++++++++++++++++++++++++++++++++++++++++++++++++ <BR>
    Initializing rule chains... <BR>
    Stream4 config: <BR>
        Stateful inspection: ACTIVE <BR>
        Session statistics: INACTIVE <BR>
        Session timeout: 30 seconds <BR>
        Session memory cap: 8388608 bytes <BR>
        State alerts: INACTIVE <BR>
        Scan alerts: ACTIVE <BR>
        Log Flushed Streams: INACTIVE <BR>
    No arguments to stream4_reassemble, setting defaults: <BR>
         Reassemble client: ACTIVE <BR>
         Reassemble server: INACTIVE <BR>
         Reassemble ports: 21 23 25 53 80 143 110 111 513 <BR>
         Reassembly alerts: ACTIVE <BR>
         Reassembly method: FAVOR_OLD <BR>
    Using GMT time <BR>
    No arguments to frag2 directive, setting defaults to: <BR>
        Fragment timeout: 60 seconds <BR>
        Fragment memory cap: 4194304 bytes <BR>
    ProcessFileOption: c:\snort\log/log <BR>
    WARNING: command line overrides rules file logging plugin! <BR>
    WARNING: command line overrides rules file logging plugin! <BR>
    WARNING: command line overrides rules file logging plugin! <BR>
    980 Snort rules read... <BR>
    980 Option Chains linked into 100 Chain Headers <BR>
    0 Dynamic rules <BR>
    +++++++++++++++++++++++++++++++++++++++++++++++++++
    </P>
    <P style="MARGIN-LEFT: 1in">Rule application order: ->activation->dynamic->alert->pass->log->suspicious->red <BR>
    alert</P>
    <P style="MARGIN-LEFT: 1in">        --== Initialization Complete ==--</P>
    <P style="MARGIN-LEFT: 1in">-*> Snort! <*- <BR>
    Version 1.8-WIN32 (Build 103) <BR>
    By Martin Roesch (roesch at ...1935..., www.snort.org) <BR>
    1.7-WIN32 Port By Michael Davis (mike at ...92..., www.datanerds.net/~mike) <BR>
    1.8-WIN32 Port By Chris Reid (chris.reid at ...3029...) <BR>
              (based on code from 1.7 port)</P>
    <P style="MARGIN-LEFT: 1in">[End config]
  </P></BLOCKQUOTE></DIV></BLOCKQUOTE></BODY></HTML>
