Snort mailing list archives

RE: Snort & Snot


From: "Ronneil Camara" <ronneilc () remingtonltd com>
Date: Tue, 22 Jan 2002 11:08:26 -0600

-> -----Original Message-----
-> From: bluz [mailto:bluz () digitaldilemma com]
-> Sent: Tuesday, January 22, 2002 10:43 AM
-> To: snort-users () lists sourceforge net
-> Subject: [Snort-users] Snort & Snot
-> 
-> 
-> Hi, 
-> 
-> I'm sorry if this question has come up before, but I'm new to the list
-> and couldn't find any mention of this in the archives....
-> 
-> I've been running SNORT 1.83 for a while and it seems to be working
-> fine.  I just installed SNOT 0.92a and have run multiple RULE files
-> against SNORT... 
-> 
-> The problem is, only a small percentage of SNOT generated attacks is
-> reported by SNORT on the attacked system.  I'm not sure if the problem
-> is SNORT or SNOT.

First question is, is your sensor connected to a switch?
Second is, if so, is the port where your sensor is connected configured as a monitoring port?
Third is, your $home_net. Check it out.
Fourth is, you might be using -z est param.

Hope this helps...

neil
