Snort mailing list archives
Re: flexresp and mysql
From: "Craig Mueller" <cmueller () alebra com>
Date: Thu, 07 Sep 2006 12:14:23 -0500
If you are installing on a FreeBSD 6.1X or later system - then you need libnet10-1.0.2a_1. Get this from the BSD ports collection, or also installing snort_inline from sysinstall works.
Craig Mueller CISSP
Senior Consultant
Alebra Technologies
www.alebra.com

snort-users-request () lists sourceforge net wrote:
Today's Topics:

   1. flexresp and mysql (Jesús Gálvez)
   2. Re: flexresp and mysql (Todd Wease)
   3. (portscan) Open Port: (Mark Rohrbeck)
   4. Re: (portscan) Open Port: (Bamm Visscher)
   5. snort v2.6 Win32 flex? (Rich Adamson)

----------------------------------------------------------------------

Message: 1
Date: Thu, 7 Sep 2006 13:06:10 +0200 (CEST)
From: Jesús Gálvez <jesuxgalvez () yahoo es>
Subject: [Snort-users] flexresp and mysql
To: snort-users () lists sourceforge net
Message-ID: <20060907110610.53088.qmail () web27107 mail ukl yahoo com>

Hi,

when I run configure with the flexresp and mysql options, configure gives me an error. Then I tried with flexresp2 and libdnet, but again I got the same result.

    checking for compress in -lz... yes
    checking dnet.h usability... yes
    checking dnet.h presence... yes
    checking for dnet.h... yes
    checking for eth_set in -ldnet... no

    ERROR! Libdnet header not found, go get it from
    http://libdnet.sourceforge.net or use the --with-dnet-*
    options, if you have it installed in an unusual place

I run:

    ./configure --prefix=/usr/local/snort \
        --with-dnet-libraries=/usr/lib \
        --with-dnet-includes=/usr/lib/include \
        --with-mysql=/usr/local/mysql \
        --enable-flexresp2

All is in the correct directories. Can anyone help me? Thanks.

------------------------------

Message: 2
Date: Thu, 07 Sep 2006 10:27:27 -0400
From: Todd Wease <twease () sourcefire com>
Subject: Re: [Snort-users] flexresp and mysql
To: snort-users () lists sourceforge net
Message-ID: <1157639247.2569.15.camel () dhcp10-12 sfeng sourcefire com>

    --with-dnet-includes=/usr/lib/include \

Try --with-dnet-includes=/usr/include

------------------------------

Message: 3
Date: Thu, 7 Sep 2006 11:32:36 -0400
From: Mark Rohrbeck <mark.rohrbeck () gmail com>
Subject: [Snort-users] (portscan) Open Port:
To: <Snort-users () lists sourceforge net>
Message-ID: <000001c6d292$da790420$a029a8c0 () cuinterface com>

Hi all,

I am getting thousands of these portscans (below are 3 examples). They are basically all from my Exchange server to different IP addresses, mainly on port 25; I have noticed a few of 53 too.

They are all going to addresses on the internet and I am not sure if I should be concerned or not; they are happening continuously all through the day.

If I can offer any more information please let me know. I would really like to get to the bottom of this; I have googled away and find similar posts but no answers.

When I click on the link to Snort it says:

    GEN:SID 1:27
    Message Sorry, no such sid-gen (1:27)

Any help greatly appreciated.

    ID              Signature                                                                            Timestamp            Source          Destination   Proto
    #624-(3-21094)  [snort <http://www.snort.org/pub-bin/sigs.cgi?sid=27>] (portscan) Open Port: 25  2006-09-06 06:08:36  192.168.41.129  67.15.52.7    Raw IP
    #625-(3-21091)  [snort <http://www.snort.org/pub-bin/sigs.cgi?sid=27>] (portscan) Open Port: 25  2006-09-06 06:08:35  192.168.41.129  70.84.128.20  Raw IP
    #626-(3-21092)  [snort <http://www.snort.org/pub-bin/sigs.cgi?sid=27>] (portscan) Open Port: 25  2006-09-06 06:08:35  192.168.41.129  67.15.143.14  Raw IP

Thanks

------------------------------

Message: 4
Date: Thu, 7 Sep 2006 09:40:36 -0600
From: "Bamm Visscher" <bamm.visscher () gmail com>
Subject: Re: [Snort-users] (portscan) Open Port:
To: "Mark Rohrbeck" <mark.rohrbeck () gmail com>
Cc: Snort-users () lists sourceforge net
Message-ID: <27492850609070840p33d39e47wb636b1cc5d4a74fb () mail gmail com>

That's the sfportscan preprocessor [0]

Bammkkkk

[0] http://www.snort.org/docs/snort_htmanuals/htmanual_260/node11.html#SECTION00317000000000000000

On 9/7/06, Mark Rohrbeck <mark.rohrbeck () gmail com> wrote:

Hi all,

I am getting thousands of these portscans (below are 3 examples). They are basically all from my Exchange server to different IP addresses, mainly on port 25; I have noticed a few of 53 too.

They are all going to addresses on the internet and I am not sure if I should be concerned or not; they are happening continuously all through the day.

If I can offer any more information please let me know. I would really like to get to the bottom of this; I have googled away and find similar posts but no answers.

When I click on the link to Snort it says:

    GEN:SID 1:27
    Message Sorry, no such sid-gen (1:27)

Any help greatly appreciated.

Thanks
--
Craig Mueller CISSP
Senior Consultant
Alebra Technologies
www.alebra.com
612-436-8204
Current thread:
- flexresp and mysql Jesús Gálvez (Sep 07)
- Re: flexresp and mysql Todd Wease (Sep 07)
- <Possible follow-ups>
- Re: flexresp and mysql Craig Mueller (Sep 07)