Snort mailing list archives

snort misses attacks it normally detects


From: dibo303 () gmx de
Date: Tue, 20 Jan 2004 13:44:48 +0100 (MET)

Hi all,

I have installed Snort in the following way:

- Snort 2.1.0 (Build9) on Redhat Linux
- Logging is done in MySQL
- Snort and MySQL communicate over Stunnel

As an example, let's take an FTP attack trying to upload .rhosts. I am testing
with Nessus.
Sometimes the sensor caught the event, sometimes not.
However, the NIC which reads from the wire gets the malicious packets.
This behavior changes for no particular reason from one minute to another.
In the meantime I didn't change anything in the whole system.
The reason is NOT dropping traffic, as it is quite low.
The reason is also NOT MySQL or Stunnel, as it worked fine until I upgraded
from Snort 1.9.1.

Any ideas?

Jochen
