Snort mailing list archives
Re: permission issue
From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 12 Apr 2013 11:21:27 -0400
On 4/10/2013 16:59, Balla István wrote:
> Thanks Jarrett, I didn't pay attention to the last command. That caused the problem. It is fixed. I haven't found an explanation for the following warning msgs in snort documentation:
>
> Verifying Preprocessor Configurations!
> ICMP tracking disabled, no ICMP sessions allocated
> IP tracking disabled, no IP sessions allocated
see below for my response to the above tracking disabled notifications... note: i'm rearranging the following flowbits notifications to group them all together rather than them being intermingled...
> WARNING: flowbits key 'file.pecompact' is set but not ever checked.
> WARNING: flowbits key 'flags.fin' is set but not ever checked.
> WARNING: flowbits key 'file.docm' is set but not ever checked.
> WARNING: flowbits key 'sybase.tds.connection' is set but not ever checked.
> WARNING: flowbits key 'file.cov' is set but not ever checked.
> WARNING: flowbits key 'file.vqf' is set but not ever checked.
> WARNING: flowbits key 'smb.smi' is set but not ever checked.
> WARNING: flowbits key 'file.maki' is set but not ever checked.
> WARNING: flowbits key 'smb.trans2.fileinfo' is set but not ever checked.
> WARNING: flowbits key 'file.wmp_playlist' is set but not ever checked.
> WARNING: flowbits key 'file.ppsx' is set but not ever checked.
> WARNING: flowbits key 'file.tiff.big' is set but not ever checked.
> WARNING: flowbits key 'file.rar' is set but not ever checked.
> WARNING: flowbits key 'file.xlsx' is set but not ever checked.
> WARNING: flowbits key 'file.swf.cff' is set but not ever checked.
> WARNING: flowbits key 'file.emf' is set but not ever checked.
> WARNING: flowbits key 'acunetix.scanner' is set but not ever checked.
> WARNING: flowbits key 'ms.packager' is set but not ever checked.
> WARNING: flowbits key 'file.wma' is set but not ever checked.
the above warnings are telling you that you have rules that SET the named flowbits but there are no *enabled* rules that CHECK the named flowbit... that means that while they are being set, there are no other rules that will react to the named flowbits... these rules aren't really useless but they would be better utilized by enabling the rules that check those named flowbits... if you do not want those other rules enabled, then you should disable the ones that set these flowbits...
> WARNING: flowbits key 'file.bzip' is checked but not ever set.
> WARNING: flowbits key 'file.mpeg' is checked but not ever set.
these above are telling you that you have rules that CHECK the named flowbit but there are no *enabled* rules that SET the named flowbits... that means that those rules are useless since the flowbit is never set in the first place... either locate and disable the checking rules for those named flowbits or locate and enable the setting rules for those named flowbits...
> Do you think these are generated when there is no traffic through snort interfaces?
no... the two "tracking disabled" ones are related to your snort.conf settings... their messages are pretty plain... you have not allocated any sessions or session space for them in your conf...
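An added example, not part of the original post and not Snort's own code: a small Python audit that reproduces both flowbits warning types from a rules file and lists the disabled counterpart rules that could be enabled, as the reply suggests. The sample rules, SIDs and function names are constructed for illustration; it assumes one rule per line, a leading '#' for disabled rules, and treats set/setx/toggle as setters and isset/isnotset as checkers.

```python
import re
from collections import defaultdict

# Constructed sample rules (not from a real ruleset); a leading '#' marks a disabled rule.
SAMPLE_RULES = """\
alert tcp any any -> any any (msg:"RAR download"; flowbits:set,file.rar; flowbits:noalert; sid:1000001;)
# alert tcp any any -> any any (msg:"RAR exploit"; flowbits:isset,file.rar; content:"x"; sid:1000002;)
alert tcp any any -> any any (msg:"BZIP exploit"; flowbits:isset,file.bzip; content:"y"; sid:1000003;)
# alert tcp any any -> any any (msg:"BZIP download"; flowbits:set,file.bzip; flowbits:noalert; sid:1000004;)
alert tcp any any -> any any (msg:"SWF download"; flowbits:set,file.swf; flowbits:noalert; sid:1000005;)
alert tcp any any -> any any (msg:"SWF exploit"; flowbits:isset,file.swf; content:"z"; sid:1000006;)
"""

FLOWBITS_RE = re.compile(r"flowbits\s*:\s*([a-z]+)\s*(?:,\s*([^;,]+))?")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)")
SETTERS = {"set", "setx", "toggle"}   # assumption: operations counted as "set"
CHECKERS = {"isset", "isnotset"}      # assumption: operations counted as "checked"

def index_flowbits(rules_text):
    """Map flowbit key -> {(role, enabled): [sids]} for every rule line that has a sid."""
    index = defaultdict(lambda: defaultdict(list))
    for line in rules_text.splitlines():
        line = line.strip()
        enabled = not line.startswith("#")
        sid = SID_RE.search(line)
        if sid is None:               # blank line or plain comment, not a rule
            continue
        for op, keys in FLOWBITS_RE.findall(line):
            role = "set" if op in SETTERS else "check" if op in CHECKERS else None
            if role is None or not keys:   # e.g. flowbits:noalert carries no key
                continue
            for key in re.split(r"[|&]", keys):   # 'a|b' and 'a&b' name several bits
                index[key.strip()][(role, enabled)].append(int(sid.group(1)))
    return index

def audit(rules_text):
    """Return (key, warning, enabled_sids, disabled_counterpart_sids) per mismatch."""
    findings = []
    for key, uses in sorted(index_flowbits(rules_text).items()):
        if uses[("set", True)] and not uses[("check", True)]:
            findings.append((key, "set but not ever checked", uses[("set", True)], uses[("check", False)]))
        elif uses[("check", True)] and not uses[("set", True)]:
            findings.append((key, "checked but not ever set", uses[("check", True)], uses[("set", False)]))
    return findings

if __name__ == "__main__":
    for key, warning, active, candidates in audit(SAMPLE_RULES):
        print(f"flowbits key '{key}' is {warning}: enabled sids {active}, disabled counterparts {candidates}")
```

The last field of each finding lists the disabled rules that would resolve the warning if enabled; an empty list means the counterpart rule is absent from the file altogether.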