Snort mailing list archives
snort misses attacks it normally detects
From: dibo303 () gmx de
Date: Tue, 20 Jan 2004 13:44:48 +0100 (MET)
Hi all,

I have installed Snort in the following way:

- Snort 2.1.0 (Build9) on Redhat Linux
- Logging is done in MySQL
- Snort and MySQL communicate over Stunnel

As an example, let's take an FTP attack trying to upload .rhosts. I do the testing with Nessus. Sometimes the sensor caught the event, sometimes not. However, the NIC which reads from the wire gets the malicious packets.

This behavior changes for no particular reason from one minute to another. In the meantime I didn't change anything in the whole system.

The reason is NOT dropping traffic, as it is quite low. The reason is also NOT MySQL or Stunnel, as it worked fine until I upgraded from Snort 1.9.1.

Any ideas?

Jochen
Current thread:
- snort misses attacks it normally detects dibo303 (Jan 20)