Snort mailing list archives
Cant see alert for rule
From: "Tom Fulton" <tfulton9909 () comcast net>
Date: Wed, 2 Jun 2004 12:36:30 -0700
1) Snort 2.0.6 on linux 2) Three pcs: 1 2 3 w2kPC victim linux attacker linux snort box 3) I run: Snort -d -e -v -c /etc/snort/snort.conf (no errors) 4) Rule in ftp.rules is: Alert tcp any any -> any 21 (content: "USER administrator"; msg: "FTP administrator login attempt";) 5) When I run: ftp <IPVictim> from linux attacker, I don't get any rules fired on my snort box. 6) I have a Gigabit Linksys 5-port workgroup switch between them all Why am I not able to see the alert? Thanks!
Current thread:
- Cant see alert for rule Tom Fulton (Jun 02)
- RE: Cant see alert for rule Tom Fulton (Jun 02)
- Re: Cant see alert for rule Jeff Coppock (Jun 02)
- RE: Cant see alert for rule Tom Fulton (Jun 02)
- RE: Cant see alert for rule Tom Fulton (Jun 02)
- Re: Cant see alert for rule Jeff Coppock (Jun 02)
- RE: Cant see alert for rule Tom Fulton (Jun 02)
- <Possible follow-ups>
- RE: Cant see alert for rule Harper, Patrick (Jun 02)
- Re: Cant see alert for rule SN ORT (Jun 03)
- HOME_NET question sart (Jun 03)
- RE: Cant see alert for rule Tom Fulton (Jun 03)