Re: [Snort-users] New Snort 2.2 Rules
This is a discussion on Re: [Snort-users] New Snort 2.2 Rules within the Snort forums, part of the System Security and Security Related category; Another issue, may be a dumb question but doesn't hurt asking is: did you download the correct Snort rulesets ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-14-2005
|
|||
|
|||
Re: [Snort-users] New Snort 2.2 Rules
Another issue, may be a dumb question but doesn't hurt asking is: did
you download the correct Snort rulesets for your version of Snort? E.g. 2.3 rules will not work on Snort 2.1. Regards, Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC 1095 Pingree Road Suite 213 Crystal Lake, IL 60014 Web: http://www.appliedwatch.com Toll Free: (877) 262-7593 "Enterprise Snort Management" On Wed, 2005-09-14 at 15:33 -0500, Eric Hines wrote: > Walt, > > I would recommend going over to your Snort sensor and making sure none > of the rules you downloaded (bleeding-edge?) etc.. broke Snort. Run a ps > listing and make sure Snort did not fail on restart. To get a verbose > output in the case that it is failing due to something in the snort.conf > or rulesets, run it from the command line in verbose mode: snort > -c /path/to/snort.conf -v > > Regards, > > Eric Hines, GCIA, CISSP > CEO, President > Applied Watch Technologies, LLC > 1095 Pingree Road > Suite 213 > Crystal Lake, IL 60014 > Web: http://www.appliedwatch.com > Toll Free: (877) 262-7593 > "Enterprise Snort Management" > > > On Wed, 2005-09-14 at 15:26 -0500, Walt Rich wrote: > > I updated the Snort rules to the latest available on Souceforge's > > site. They wre auite out of date, and almost a year old. Snort is up > > and running, but has become very queit! It used to detect alot of > > false positives, which were a pain, but at least I knew it was > > working. Now it is very, very quiet, and hasn't detected anything in > > over 2 hours. Is it possible that the rule writers have become so > > good that the detection of false positives has been almost eliminated? > > Has anyone else experienced anything similar? Any input is greatly > > appreciated. > > > > Thanks! > > > > > > Parago Logo > > > > ___________________________________ > > | Walt Rich | Sr. Network > > Engineer | Parago, Inc. | > > 972.538.7253 | walt.rich@parago.com > > | > > > > > > ------------------------------------------------------- > SF.Net email is sponsored by: > Tame your development challenges with Apache's Geronimo App Server. Download > it for free - -and be entered to win a 42" plasma tv or your very own > Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
