Snort mailing list archives
Re: Snort Stop, reload & restarting
From: "Render-Vue" <sales () render-vue com>
Date: Sat, 8 Dec 2001 10:56:45 +1300
I posted:-
Just testing some bits and pieces and have the start up as:-
snort -c /etc/snort/snort.conf -v -D -A none

Snort dumps to syslog and reports for now are coming through logcheck till I get it fine tuned to what I want - deleted the IIS rules and Cold-Fusion rules and went to restart/reload snort doing so caused snort to come back with an error message.<<

Thanks to all who replied off line - I have the problem sorted now. Because SNORT was running at default as Daemon I wasn't calling the full path when trying to reload or restart - duuhhh. Should have RTM first...

Thanks again to everyone...

While I'm here, is there a definitive guide to what the various rules mean, for example:-

Dec 7 13:38:19 ns snort: [1:1156:1] WEB-MISC apache DOS attempt [Classification: Attempted Denial of Service] [Priority: 6]: {TCP} 203.96.108.198:1248 -> xxx.xxx.xxx.xxx:80
Dec 7 13:17:56 ns snort: [1:657:2] SMTP chameleon overflow [Classification: Attempted Administrator Privilege Gain] [Priority: 10]: {TCP} 206.132.79.221:3450 -> xxx.xxx.xxx.xxx:25
Dec 7 11:06:18 ns snort: [1:884:2] WEB-CGI formmail access [Classification: Attempted Information Leak] [Priority: 3]: {TCP} 168.191.68.32:3538 -> xxx.xxx.xxx.xxx:80
Dec 7 02:57:07 ns snort: [1:1288:1] WEB-FRONTPAGE /_vti_bin/ access [Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 208.63.33.200:1206 -> xxx.xxx.xxx.xxx:80
Dec 7 02:17:56 ns snort: [1:896:1] WEB-CGI wayboard access [Classification: Attempted Information Leak] [Priority: 3]: {TCP} 202.89.128.85:30405 -> xxx.xxx.xxx.xxx:80

etcetera etcetera...

Most of the rules are self explanatory but it would be nice to see something come up in the logs and be able to see if it's worth worrying about or if it can be rem'd out of the rule sets.
Regards
Chae
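One way to approach the triage question in the message above, as an added example that is not part of the original post: parse alerts in the syslog format quoted there and tally them per rule ID, so a rule's volume and spread of sources can be weighed before it is commented out. The sample lines are constructed (documentation addresses, rule messages as quoted in the post), and `parse_alert` and `summarize` are hypothetical helper names.

```python
import re

# Alert layout as quoted in the post:
#   ... snort: [gid:sid:rev] msg [Classification: c] [Priority: n]: {PROTO} src -> dst
# The optional "[pid]" after "snort" is an assumption about the local syslog setup.
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "
    r"(?P<msg>.*?) \[Classification: (?P<cls>[^\]]*)\] "
    r"\[Priority: (?P<prio>\d+)\]: \{(?P<proto>\w+)\} "
    r"(?P<src>\S+) -> (?P<dst>\S+)"
)

# Constructed sample lines (addresses are documentation ranges, not from the post).
SAMPLE_LOG = """\
Dec  7 13:38:19 ns snort: [1:1156:1] WEB-MISC apache DOS attempt [Classification: Attempted Denial of Service] [Priority: 6]: {TCP} 192.0.2.10:1248 -> 198.51.100.5:80
Dec  7 11:06:18 ns snort: [1:884:2] WEB-CGI formmail access [Classification: Attempted Information Leak] [Priority: 3]: {TCP} 192.0.2.20:3538 -> 198.51.100.5:80
Dec  7 11:09:41 ns snort: [1:884:2] WEB-CGI formmail access [Classification: Attempted Information Leak] [Priority: 3]: {TCP} 192.0.2.21:4022 -> 198.51.100.5:80
Dec  7 11:10:02 ns snort: [1:884:2] WEB-CGI formmail access [Classification: Attempted Information Leak] [Priority: 3]: {TCP} 192.0.2.20:3541 -> 198.51.100.5:80
Dec  7 11:12:00 ns sshd[311]: Accepted password for admin from 192.0.2.99 port 1022
"""

def parse_alert(line):
    """Return the alert's fields as a dict, or None for a non-alert line."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "prio"):
        rec[key] = int(rec[key])
    # Drop the port from host:port endpoints; alerts without ports keep the bare address.
    rec["src_ip"] = rec["src"].rpartition(":")[0] or rec["src"]
    return rec

def summarize(lines):
    """Group alerts by (gid, sid); return rows sorted by alert count, highest first."""
    rules = {}
    for rec in filter(None, map(parse_alert, lines)):
        row = rules.setdefault((rec["gid"], rec["sid"]), {
            "sid": rec["sid"], "msg": rec["msg"], "classification": rec["cls"],
            "priority": rec["prio"], "count": 0, "sources": set()})
        row["count"] += 1
        row["sources"].add(rec["src_ip"])
    return sorted(rules.values(), key=lambda r: (-r["count"], r["sid"]))

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG.splitlines()):
        print(f'{row["count"]:>4}  sid {row["sid"]:<5} prio {row["priority"]:<2} '
              f'{len(row["sources"])} src  {row["msg"]} [{row["classification"]}]')
```

The SID in each row is the key for looking up that rule's text and documentation in the installed rule set.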