[ale] RE: Snort

Christopher Fowler cfowler at outpostsentinel.com
Tue Aug 19 14:35:47 EDT 2003


Check this out:

http://66.23.198.2/snort-shot.png

What are all these cyber-ket clients doing?  I've just been running this
thing for 15 minutes and I'm getting this much ICMP traffic?

Chris

On Tue, Aug 19, 2003 at 01:50:39PM -0400, Transam wrote:
> On Tue, Aug 19, 2003 at 01:20:30PM -0400, Christopher Fowler wrote:
> 
> > This snort program is really cool.  I've got it logging to a 
> > directory called /tmp/sno.  It seems that you can have it go
> > into a database.  Will it dump the package data into the database or
> > just the header info?  I want to make sure the database does not 
> > grow uncontrollably.  My database is behind the firewall so I can just
> > dump there.  It may be feasible to create a wiretap.
> 
> 
> > -- Rx [ ] --- [ ] Rx --
> > -- Tx [ ] --- [ ] Tx --
> >            |
> >            | Rx
> >           [ ] 
> >           [ ] Snort.
> 
> 
> > Would this be the correct cable configuration?  I assume that I'll
> > need to send Rx+ and Rx- to the IDS but do not need to worry
> > about Tx+ and Tx-.
> 
> Correct.
> 
> > Chris
> 
> Bob Toxen
> bob at verysecurelinux.com               [Please use for email to me]
> http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
> http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
> Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
> 
> "Microsoft: Unsafe at any clock speed!"
>    -- Bob Toxen 10/03/2002
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale