[Snort-users] Packets being alerted with other hosts, but not the localhost with Snort on it

John Byrne jbyrnescu at gmail.com
Mon Sep 10 19:43:06 EDT 2018


Yeah…  That didn’t work.  Are you toying with me like all of the hackers on my network?  and what do you mean by t-bird?  I didn’t quite understand that.

Here’s my command line, so you can give it to more hackers to know how I’m running my setup so they can do some more damage.  ; )

(before your suggestion)
snort -c /etc/snort/snort.conf -i eth0 -l /var/log
(after your suggestion)
snort -k none -c /etc/snort/snort.conf -i eth0 -l /var/log

Curiously,
John

> On Sep 10, 2018, at 5:52 AM, wkitty42 at windstream.net wrote:
> 
> On 09/09/2018 09:02 PM, John Byrne wrote:
>> Oops…
>> I accidentally replied to just wkitty42…
>> This message is going to both wkitty42 and the snort user list.
>> Sorry about that… I just clicked on reply and assumed it would go to the snort user list.
> 
> 
> yeah, i use "reply all" in my t-bird ;)
> 
> 
> i do not recall you showing your snort command line... if you do not have it in place, try adding "-k none" to your command line and see if that helps...
> 
> 
> -- 
> NOTE: No off-list assistance is given without prior approval.
>       *Please keep mailing list traffic on the list unless*
>       *a signed and pre-paid contract is in effect with us.*

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180910/181b8f4f/attachment.html>


More information about the Snort-users mailing list