This is a discussion on [Snort-users] Snort mysql with no ip interface within the Snort forums, part of the System Security and Security Related category.
I have Version 2.0.1-ODBC-MySQL-WIN32 (Build 88) under Windows with ACID. Everything is working fine on interface 10.0.0.1. Logging to the DB works fine, etc. I put in a second NIC and set it up under XP with no IP address. Ethereal can sniff packets on the interface just fine. I have Snort configured for the second interface, but it cannot log to the MySQL database. I added an output plugin for file and was able to see alerts from it. What am I doing wrong?

Cable modem-----------dumb hub---------linksys fw---------10.0.0.1 interface 1
                         |_______________________0.0.0.0 interface 2

Snort output:

D:\EagleX\snort\bin>D:\EagleX\Snort\bin\snort.exe -c "D:\EagleX\Snort\etc\snort.conf" -l "D:\EagleX\Snort\logs" -i 2 -h 192.1
0/24 -X -z
Running in IDS mode
Log directory = D:\EagleX\Snort\logs

Initializing Network Interface \Device\NPF_{B7264AA4-8C2E-489E-951C-A32498F2FD36}

        --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface \Device\NPF_{B7264AA4-8C2E-489E-951C-A32498F2FD36}
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file D:\EagleX\Snort\etc\snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
    Fragment min_ttl: 0
    Fragment ttl_limit: 5
    Fragment Problems: 0
    Self preservation threshold: 500
    Self preservation period: 90
    Suspend threshold: 1000
    Suspend period: 30
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Evasion alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
    MinTTL: 1
    TTL Limit: 5
    Async Link: 0
    State Protection: 0
    Self preservation threshold: 50
    Self preservation period: 90
    Suspend threshold: 200
    Suspend period: 30
Stream4_reassemble config:
    Server reassembly: ACTIVE
    Client reassembly: ACTIVE
    Reassembler alerts: ACTIVE
    Ports: 21 23 25 53 80 110 111 143 513 1433
    Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
http_decode arguments:
    Unicode decoding
    IIS alternate Unicode decoding
    IIS double encoding vuln
    Flip backslash to slash
    Include additional whitespace separators
    Ports to decode http on: 80 8877 8888
rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
Using LOCAL time
Conversation Config:
    KeepStats: 0
    Conv Count: 65535
    Timeout : 60
    Alert Odd?: 1
    Allowed IP Protocols: All

database: compiled support for ( mysql odbc )
database: configured to use Mysql
database:          host = localhost
database:          port = 7788
database: database name = snort
database:          user = snort
database: password is set
database:   sensor name = inet
database:  detail level = full
database:     sensor id = 3
database: schema version = 106
database: using the "alert" facility
1581 Snort rules read...
1581 Option Chains linked into 197 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.0.1-ODBC-MySQL-WIN32 (Build 88)
By Martin Roesch (roesch@sourcefire.com, www.snort.org)
1.7-WIN32 Port By Michael Davis (mike@datanerds.net, www.datanerds.net/~mike)
1.8 - 2.0 WIN32 Port By Chris Reid (chris.reid@codecraftconsultants.com)
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
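The post shows the database output plugin configured for host = localhost and port = 7788, and that the file output plugin produces alerts on the same sensor while the database plugin does not. The first thing to separate is whether the sensor host can reach that MySQL listener at all: the plugin connects through the host's ordinary TCP stack, not through the capture interface, so the second NIC having no IP address does not by itself affect that connection. The script below is an added example, not code from the post or from Snort. It parses the "database:" lines that Snort 2.x prints at startup (the sample banner is constructed from the values in the post) and probes the host and port it finds. The demo() helper runs the same probe against a throwaway local listener so the check can be exercised offline; the real listener address, the port 7788 and any host firewall on the XP box are assumptions to confirm on the actual sensor.

```python
"""Parse Snort 2.x 'database:' startup lines and probe the MySQL listener.

Added diagnostic, not part of the original post or of Snort itself.
SAMPLE_BANNER is constructed from the values printed in the post.
"""
import re
import socket

# Startup lines as Snort 2.0.1 printed them in the post (constructed sample).
SAMPLE_BANNER = """\
database: compiled support for ( mysql odbc )
database: configured to use Mysql
database:          host = localhost
database:          port = 7788
database: database name = snort
database:          user = snort
database: password is set
database:   sensor name = inet
database:  detail level = full
database:     sensor id = 3
database: schema version = 106
database: using the "alert" facility
"""

# Only the "key = value" lines carry settings; the others are status text.
_KV = re.compile(r"^database:\s*(?P<key>[a-z ]+?)\s*=\s*(?P<val>\S+)$")


def parse_database_config(banner: str) -> dict:
    """Return the key/value settings the database output plugin reported."""
    cfg = {}
    for line in banner.splitlines():
        m = _KV.match(line.strip())
        if m:
            cfg[m.group("key").strip()] = m.group("val")
    if "port" in cfg:
        cfg["port"] = int(cfg["port"])
    return cfg


def probe_listener(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a plain TCP connection to host:port succeeds within timeout.

    This is the same kind of socket the database plugin opens from the
    sensor host, so the result is independent of the capture interface.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def demo() -> tuple:
    """Probe a throwaway local listener, then the same port once closed.

    Returns (result_while_open, result_after_close) so the behaviour of
    probe_listener can be checked without a real MySQL server.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral port chosen by the OS
    srv.listen(1)
    port = srv.getsockname()[1]
    try:
        open_result = probe_listener("127.0.0.1", port)
    finally:
        srv.close()
    closed_result = probe_listener("127.0.0.1", port)
    return open_result, closed_result


if __name__ == "__main__":
    cfg = parse_database_config(SAMPLE_BANNER)
    print("parsed settings:", cfg)
    # Against the values from the post; on the sensor this tells you whether
    # the host can reach the listener Snort was told to use.
    print("listener reachable:", probe_listener(cfg["host"], cfg["port"]))
    print("self-test (open, closed):", demo())
```

Run it on the sensor host itself: if the probe to the parsed host and port fails there, the problem is between the host and MySQL (listener address, port, host firewall) and has nothing to do with which NIC Snort sniffs; if it succeeds, look further along at the plugin's credentials, schema and error output instead.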