Snort mailing list archives
Re: Snort check
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 24 Mar 2004 16:26:47 -0500
At 03:17 PM 3/24/2004, Martin Bündgens wrote:
is it possible to check if snort is running on a server you don`t have any rights on ? Thanks.
No, other than to try to use network probing tools to detect if it's interface is in promisc mode.. but that won't tell you if it's snort, tcpdump, or some other tool that has it in promisc mode.
And of course, all of this is assuming the snort box isn't connected via a read-only tap interface. If it is, you're more-or-less SOL without being able to log into the box and look at ps.
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: RE: Snort not logging to the /var/log/snort/alert f ile ids (Mar 24)
- Snort check Martin Bündgens (Mar 24)
- Re: Snort check Matt Kettler (Mar 24)
- Snort check Martin Bündgens (Mar 24)