Snort mailing list archives
Re: Snort + Guardian + Acid dont run
From: pvm <pvm () kurgan usi ru>
Date: Thu, 10 Jun 2004 09:35:11 +0600
Hello Franco,

Wednesday, June 9, 2004, 5:19:33 PM, you wrote:

FC> Good my problem is the following:
FC> Use CL9 and I got to install the snort 1.9 + acid+guardian... Snort
FC> detects my sweepings in the nmap and it places them in Alert and in
FC> Portscan.log as I read at a forum. (preprocessor portscan: $EXTERNAL_NET
FC> 4 3 PORTSCAN.LOG AND PREPROCESSOR PORTSCAN-IGNOREHOSTS: 200.122.34.55)
FC> the case is that the attack attempts are on file. The fact is that they
FC> don't appear in the acid and therefore in MYSQL. ME already of mysql -h
FC> localhost -u snort -p and everything certain. What appears me in the
FC> healthy acid:

[cut]

FC> Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
FC> Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
FC> Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
FC> Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
FC> Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
FC> Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.

[cut]

FC> # This is a list of IP addresses on the current host, in case there is
FC> more
FC> # than one. If this file doesn't exist, then it will assume you want to
FC> run
FC> # with the default setup (machine's ip address, and broadcast/network).
FC> TargetFile /etc/guardian.target

Put your IP address (200.122.34.55) in this file /etc/guardian.target.

--
Best regards,
pvm mailto:pvm () kurgan usi ru
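A quick way to check the fix suggested in the reply above, as an added example that is not part of the original thread: it lists every destination address that appears in the "Odd.." lines but is missing from the target file. It assumes, as the reply implies, that the message is logged for destinations not listed there, and that the target file holds one IP address per line; the function names and the file arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Assumption: the target file holds one IP address per line; '#' comments allowed.

# Print each destination IP seen in Guardian "Odd.." lines that is absent
# from the target file, i.e. the addresses that still need to be added.
missing_targets() {
    log_file=$1
    target_file=$2
    # Pull the dest address out of every "Odd.." line and de-duplicate.
    sed -n 's/.*Odd\.\. source = [0-9.]*, dest = \([0-9.]*\)\. No action done\..*/\1/p' "$log_file" |
    sort -u |
    while read -r ip; do
        # Strip comments and whitespace, then require an exact whole-line match
        # (-x) on a fixed string (-F) so the dots are not regex wildcards.
        if [ -f "$target_file" ] &&
           sed 's/#.*//; s/[[:space:]]//g' "$target_file" | grep -qxF "$ip"; then
            continue
        fi
        printf '%s\n' "$ip"
    done
}

# Constructed sample: log lines in the form quoted in the thread.
demo_missing_targets() {
    dir=$(mktemp -d)
    cat > "$dir/guardian.log" <<'EOF'
Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
Odd.. source = 200.122.34.132, dest = 200.122.34.55. No action done.
EOF
    printf '# constructed target file\n127.0.0.1\n' > "$dir/guardian.target"
    echo "before: $(missing_targets "$dir/guardian.log" "$dir/guardian.target")"
    echo 200.122.34.55 >> "$dir/guardian.target"
    echo "after:  $(missing_targets "$dir/guardian.log" "$dir/guardian.target")"
    rm -rf "$dir"
}
demo_missing_targets
```

An empty result means every destination in the logged lines is already listed in the target file.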