September 29th, 2002, 02:23 AM
Snort Problem (Alert.ids)
I finally managed to get snort installed and running on my Windows 98 SE box.
The file Alert.ids was created and placed in the directory:
Note: snort was installed in C:\Snort. But there were no bin directories created,
Snort displayed the available network adapters:
My PCI ethernet card was shown to be on fe100 as the first adapter.
C:\snort\snort -c c:\snort\snort.conf -l c:\Inetpub\wwwroot\Logs i1
Snort.exe was found in my C:\snort directory, NOT c:\snort\bin\ as c:\snort\bin was not created during install.
So I get stuff:
Initializeing network interface fe100
I then checked to see if alert.ids was created. It was, so I opened it with Notepad, and it was empty:
Can someone tell me why it is not logging to alert.ids? I did open a few web sites before looking at alert.ids.
September 29th, 2002, 11:11 AM
I played a little with snort for Windows, and I think that I initially had the same problem. Double-check to make sure your rules are configured properly in snort.conf, assuming that's where your rules are being pulled from.
Opinions are like
holes - everybody's got 'em.
October 1st, 2002, 12:30 PM
I just downloaded a program called snot. This is supposed to generate alerts with the preprocessor stream4 turned off.
But when I ran it, I mistakenly used the subnet mask 24 on my IP instead of the more specific 31. I sent 5 random packets with a max delay of 10 seconds. I noticed it did not send them to me. I specified 24.x.x.x/24 where 24.x.x.x is my IP address. But now I realize that will target a bunch of computers.
I am worried that, with the 5 packets I sent to random hosts, I could get into legal trouble.
I guess if anyone asks I could explain what happened, but I would prefer not to have a visitor late at night knocking at my door.
Can anyone tell me if I have anything to worry about?