Snort mailing list archives
Re: Snort not seeing all traffic?
From: Erick Mechler <emechler () techometer net>
Date: Thu, 24 Apr 2003 08:48:14 -0700
:: I am referring to "alerts" I guess... With that said, I can not find
:: "rules" via snort-center, that pertain to port scanning and or the exploits
:: like cmd.exe and root.exe... As for the rest, should I run something like
:: Ethereal and check traffic that way?

Portscanning is taken care of via the portscan2 preprocessor (Config Types --> Preprocessors --> Create preprocessors). As for the cmd.exe and root.exe rules, check SIDs 1661, 1002, and 1256 among others.

Re: Ethereal, that's just a sniffer, so unless you actually want to look through all your packets looking for bad stuff, I'd just stick with customizing your Snort rulebase to fit your needs.

Cheers - Erick