On Thu, Nov 28, 2002 at 10:19:24 -0600, Hanasaki JiJi wrote:
> Snort is reporting scans in the alert.log but not the portscan.log
Which version? AFAIK the version in woody still has wrong log rotation
causing it to log to a file descriptor corresponding to an already deleted
file (#158042).
HTH,
1.8.4-Beta1 Build 91
It also seems to be dying without any reports to syslog
J.H.M. Dassen (Ray) wrote:
On Thu, Nov 28, 2002 at 10:19:24 -0600, Hanasaki JiJi wrote:
Snort is reporting scans in the alert.log but not the portscan.log
Which version? AFAIK the version in woody still has wrong
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hanasaki JiJi schrieb:
| 1.8.4-Beta1 Build 91
|
| It also seems to be dying without any reports to syslog
|
This also happens to my setup. I'm restarting snort every night now.
Marcel
- --
Marcel Weber - [EMAIL PROTECTED]
PGP/GPG Key: http://
hi there.
are debian packages signed with pgp or something similar?
how can packages be verified?
for example, if i want to install the openssl package with
#apt-get install openssl
how can i proof, that the package is ok? md5sum is not satisfactory.
i checked the debian webpage, faq and searc
On Fri, Nov 29, 2002 at 02:01:26PM +0100, Marcel Weber wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hanasaki JiJi schrieb:
> | 1.8.4-Beta1 Build 91
> |
> | It also seems to be dying without any reports to syslog
> |
>
>
> This also happens to my setup. I'm restarting snort every
On Fri, Nov 29, 2002 at 03:50:09PM +0100, Fred Bowman wrote:
> hi there.
>
(..)
>
> i checked the debian webpage, faq and searched mailing list but with no
> result.
> thanx for any hint!
You didn't look (deeply) enough:
http://www.debian.org/doc/user-manuals#securing
more spec
My driver is a tulip for a linksys card
The snort list told me that the version in woody is known to be broken
so I downloaded snort 1.9 and manually installed it.. yuk!
FYI: when run from the command line, the BETA in woody was saying
something about exhausting trees.
REQUEST! can 1.9 be p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hanasaki JiJi wrote:
| My driver is a tulip for a linksys card
|
| The snort list told me that the version in woody is known to be broken
| so I downloaded snort 1.9 and manually installed it.. yuk!
|
| FYI: when run from the command line, the BETA in
On Fri, Nov 29, 2002 at 06:36:16PM +0100, Marcel Weber wrote:
> What about considering outdated security tools as hazardous to the
> system's security? Taking this point of view, why not distributing
> updated versions via debian-security?
>
I've a general issue along those lines. There are often
Hanasaki JiJi wrote:
Snort is reporting scans in the alert.log but not the portscan.log
Any thoughts?
Hi!
Now I *have* my snort reporting scans in the portscan.log in Version
1.8.4-beta1 (Build 91). Because of this message, I started playing with
my snort.conf. When I uncommented the rul
Please do send the file. I have put 1.9 in manaully its rocking!
Alfonso Federico Simó wrote:
Hanasaki JiJi wrote:
Snort is reporting scans in the alert.log but not the portscan.log
Any thoughts?
Hi!
Now I *have* my snort reporting scans in the portscan.log in Version
1.8.4-beta1 (Bui
Below is one of MANY alerts being loged on my internal network. It is a
very small network. how can i find what is causing the bad traffice,
and rectify it?
[**] [1:1322:4] BAD TRAFFIC bad frag bits [**]
[Classification: Misc activity] [Priority: 3]
11/29-11:38:11.405389 192.168.1.200 -> 192.16
Here it goes!
I attach the snort.conf, but I only changed this part:
--
#=
# Include all relevant rulesets here
#
# shellcode, policy, info, ba
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hanasaki JiJi schrieb:
| 1.8.4-Beta1 Build 91
|
| It also seems to be dying without any reports to syslog
|
This also happens to my setup. I'm restarting snort every night now.
Marcel
- --
Marcel Weber - [EMAIL PROTECTED]
PGP/GPG Key: http://w
hi there.
are debian packages signed with pgp or something similar?
how can packages be verified?
for example, if i want to install the openssl package with
#apt-get install openssl
how can i proof, that the package is ok? md5sum is not satisfactory.
i checked the debian webpage, faq and search
On Fri, Nov 29, 2002 at 02:01:26PM +0100, Marcel Weber wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hanasaki JiJi schrieb:
> | 1.8.4-Beta1 Build 91
> |
> | It also seems to be dying without any reports to syslog
> |
>
>
> This also happens to my setup. I'm restarting snort every
On Fri, Nov 29, 2002 at 03:50:09PM +0100, Fred Bowman wrote:
> hi there.
>
(..)
>
> i checked the debian webpage, faq and searched mailing list but with no
> result.
> thanx for any hint!
You didn't look (deeply) enough:
http://www.debian.org/doc/user-manuals#securing
more spec
My driver is a tulip for a linksys card
The snort list told me that the version in woody is known to be broken
so I downloaded snort 1.9 and manually installed it.. yuk!
FYI: when run from the command line, the BETA in woody was saying
something about exhausting trees.
REQUEST! can 1.9 be put
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hanasaki JiJi wrote:
| My driver is a tulip for a linksys card
|
| The snort list told me that the version in woody is known to be broken
| so I downloaded snort 1.9 and manually installed it.. yuk!
|
| FYI: when run from the command line, the BETA in
On Fri, Nov 29, 2002 at 06:36:16PM +0100, Marcel Weber wrote:
> What about considering outdated security tools as hazardous to the
> system's security? Taking this point of view, why not distributing
> updated versions via debian-security?
>
I've a general issue along those lines. There are often
Hanasaki JiJi wrote:
Snort is reporting scans in the alert.log but not the portscan.log
Any thoughts?
Hi!
Now I *have* my snort reporting scans in the portscan.log in Version
1.8.4-beta1 (Build 91). Because of this message, I started playing with
my snort.conf. When I uncommented the rule
Please do send the file. I have put 1.9 in manaully its rocking!
Alfonso Federico Simó wrote:
Hanasaki JiJi wrote:
Snort is reporting scans in the alert.log but not the portscan.log
Any thoughts?
Hi!
Now I *have* my snort reporting scans in the portscan.log in Version
1.8.4-beta1 (Buil
Below is one of MANY alerts being loged on my internal network. It is a
very small network. how can i find what is causing the bad traffice,
and rectify it?
[**] [1:1322:4] BAD TRAFFIC bad frag bits [**]
[Classification: Misc activity] [Priority: 3]
11/29-11:38:11.405389 192.168.1.200 -> 192.168
Here it goes!
I attach the snort.conf, but I only changed this part:
--
#=
# Include all relevant rulesets here
#
# shellcode, policy, info, bac
24 matches
Mail list logo
