Snort mailing list archives
Snort "promiscuous mode disabled...
From: "FRANCIS PROVENCHER" <francis.provencher () msp gouv qc ca>
Date: Fri, 11 May 2007 09:41:49 -0400
Hi all, I'v install a snort instance on my Laptop, Freebsd box. i start the process /usr/local/etc/rc.d/snort start I look on my /var/log/message MyPC# /usr/local/etc/rc.d/snort start Starting snort. MyPC# ps aux | grep snort root 2638 92.2 15.6 157376 120856 ?? Rs 9:34AM 0:06.17 /usr/local/bin/snort -Dq -c /usr/local/etc/snort/snort.conf I start ok, but 2 minutes later i see this message on; May 11 09:34:32 snort[2637]: Are You There Threshold: 200 May 11 09:34:32 snort[2637]: Normalize: YES May 11 09:34:32 snort[2637]: Detect Anomalies: NO May 11 09:34:32 snort[2637]: FTP CONFIG: May 11 09:34:32 snort[2637]: FTP Server: default May 11 09:34:32 snort[2637]: Ports: 21 May 11 09:34:32 snort[2637]: Check for Telnet Cmds: YES alert: YES May 11 09:34:32 snort[2637]: Identify open data channels: YES May 11 09:34:32 snort[2637]: FTP Client: default May 11 09:34:32 snort[2637]: Check for Bounce Attacks: YES alert: YES May 11 09:34:32 snort[2637]: Check for Telnet Cmds: YES alert: YES May 11 09:34:32 snort[2637]: SMTP Config: May 11 09:34:32 snort[2637]: Ports: May 11 09:34:32 snort[2637]: 25 May 11 09:34:32 snort[2637]: May 11 09:34:32 snort[2637]: Inspection Type: STATEFUL May 11 09:34:32 snort[2637]: Normalize Spaces: YES May 11 09:34:32 snort[2637]: Ignore Data: NO May 11 09:34:32 snort[2637]: Ignore TLS Data: NO May 11 09:34:32 snort[2637]: Ignore Alerts: NO May 11 09:34:32 snort[2637]: Max Command Length: 0 May 11 09:34:32 snort[2637]: Max Header Line Length: 0 May 11 09:34:32 snort[2637]: Max Response Line Length: 0 May 11 09:34:32 snort[2637]: X-Link2State Alert: YES May 11 09:34:32 snort[2637]: Drop on X-Link2State Alert: NO May 11 09:34:32 snort[2637]: DCE/RPC Decoder config: May 11 09:34:32 snort[2637]: Autodetect ports ENABLED May 11 09:34:32 snort[2637]: SMB fragmentation ENABLED May 11 09:34:32 snort[2637]: Obsolete DNS RR Types Alert: INACTIVE May 11 09:34:32 snort[2637]: Experimental DNS RR Types Alert: INACTIVE May 11 09:34:32 snort[2637]: Ports: May 11 09:34:32 snort[2637]: 53 May 11 09:34:32 snort[2637]: May 11 09:34:32 snort[2637]: Warning: flowbits key 'dce.bind.veritas' is set but not ever checked. May 11 09:34:32 snort[2637]: Warning: flowbits key 'ms_sql_seen_dns' is checked but not ever set. May 11 09:34:32 snort[2637]: 303 out of 512 flowbits in use. May 11 09:34:32 snort[2637]: *** *** interface device lookup found: rl0 *** May 11 09:34:32 snort[2637]: Initializing daemon mode May 11 09:34:32 snort[2638]: PID path stat checked out ok, PID path set to /var/run/ May 11 09:34:32 snort[2638]: Writing PID "2638" to file "/var/run//snort_rl0.pid" May 11 09:34:32 snort[2637]: Daemon parent exiting May 11 09:35:23 MyPc rl0: promiscuous mode disabled I dont know why this doing this, it always work before... Did you know why, the promuscuous mode disabled? What can cause this? Thanks for your help Francis Provencher Ministère de la Sécurité publique du Québec Direction des technologies de l'information Division de la sécurité informatique Tél: 1 418 646-3258 Courriel: Francis.provencher () Msp gouv qc ca CEH - Certified Ethical Hackers SSCP - System Security Certified Practitionner Sec+ - Security +
Attachment:
FRANCIS PROVENCHER4.vcf
Description:
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort "promiscuous mode disabled... FRANCIS PROVENCHER (May 11)
- Re: Snort "promiscuous mode disabled... Paul Melson (May 11)