Re: [Snort-users] snort funtionallity
Please try to keep this on the list. Others might learn from this in
the future (thanks to Google and all the mailing list archives)

On Fri, 17 Dec 2004 02:17:13 -0500, Nick Smith <nick@computernick.com> wrote:
> Michael Boman wrote:
>
> >Take a deep breath and read my answers below...
> >
> >On Fri, 17 Dec 2004 01:35:08 -0500, Nick Smith <nick@computernick.com> wrote:
> >>and are there any websites with a list of rules to add to
> >>increase security of your snort install without having to write all the
> >>rules by hand yourself?
> >
> >Yes, both www.snort.org and www.bleedingsnort.com update their rules regularly.
>
> do you just have to copy over the new rules into the correct directory
> overwriting the old? do they ever add any new *.rules files?
> if so do i need to do anything special to tell snort they are there? or
> does it do that on its own?

Nope, you have to do it manually. I would recommend oinkmaster
(http://oinkmaster.sourceforge.net/) to manage the rules. It will do
the trick. And don't forget that you have to send SIGUSR1 or restart
snort for it to pick up the updated rules.

> >>and where would i add those rules?

Oinkmaster will take care of most of the stuff, and advise you where
you need to do some manual work.

> >>and finally
> >>this probably goes along with the previous question; i am getting
> >>virtually no ICMP (<1%) traffic and no portscan traffic (0%), i know
> >>there has to be some traffic for those, and i have a fresh install of
> >>snort running, is there something i have to add to get snort to look for
> >>that traffic?
> >
> >Have you enabled the relevant signatures and preprocessors for those?
>
> no clue how to do that? any advice?

Not sure, I don't know your network. I would help if you could send us
your configuration so we can have a look at it. Also check out the
snort documentation at www.snort.org.

Best regards
Michael Boman
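
On the question of new *.rules files, as an added example that is not part of the original message or of the Snort or Oinkmaster projects: Snort 2.x only loads a rule file that snort.conf names in an active `include` line, so a newly delivered file stays unused until one is added. The script below lists rule files that have no such line; the function name, paths and file names are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: find *.rules files that snort.conf does not include yet.
# All paths and file names here are constructed for illustration.

# unincluded_rules CONF RULES_DIR
# Prints the name of every *.rules file in RULES_DIR that has no active
# "include <path>/<name>" line in CONF. A commented-out include does not
# count, because its first field is "#" or "#include", not "include".
unincluded_rules() {
    conf=$1
    rules_dir=$2
    for f in "$rules_dir"/*.rules; do
        [ -e "$f" ] || continue      # glob matched nothing: no rule files
        name=$(basename "$f")
        if ! awk -v n="$name" '
            $1 == "include" {
                p = $2
                sub(/.*\//, "", p)   # drop the directory part ($RULE_PATH/...)
                if (p == n) found = 1
            }
            END { exit(found ? 0 : 1) }' "$conf"; then
            printf '%s\n' "$name"
        fi
    done
}

# Demo on a constructed snort.conf and rules directory.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/rules"
    : > "$tmp/rules/icmp.rules"
    : > "$tmp/rules/scan.rules"
    : > "$tmp/rules/new-set.rules"   # file delivered by a rule update
    cat > "$tmp/snort.conf" <<'EOF'
var RULE_PATH ./rules
include $RULE_PATH/icmp.rules
# include $RULE_PATH/scan.rules
EOF
    unincluded_rules "$tmp/snort.conf" "$tmp/rules"
    rm -rf "$tmp"
}

demo
```

After adding the missing `include` lines, Snort still needs the SIGUSR1 or restart mentioned in the message before it reads them.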