Snort Problem (Alert.ids)

  1. #1

    Snort Problem (Alert.ids)

    I finally managed to get snort installed and running on my Windows 98 SE box.

    The file Alert.ids was created and placed in the directory:

    C:\Inetpub\wwwroot\Logs\


    C:\snort\snort -W

    Note: snort was installed in C:\Snort, but there was no bin directory created.

    Snort displayed the available network adapters:

    My PCI ethernet card was shown to be on fe100 as the first adapter.

    C:\snort\snort -c c:\snort\snort.conf -l c:\Inetpub\wwwroot\Logs i1

    Snort.exe was found in my C:\snort directory, NOT c:\snort\bin\ as c:\snort\bin was not created during install.

    So I get stuff:

    Initializeing network interface fe100

    Initializeing snort
    ....
    .
    ...
    .
    Initialization complete.

    I then checked to see if alert.ids was created. It was, so I opened it with Notepad, and it was empty.

    Can someone tell me why it is not logging to alert.ids? I did open a few web sites before looking at alert.ids.
    test

  2. #2
    Senior Member, Join Date: Aug 2002, Posts: 651
    I played a little with snort for Windows, and I think that I initially had the same problem. Double-check to make sure your rules are configured properly in snort.conf, assuming that's where your rules are being pulled from.
    Opinions are like holes - everybody's got 'em.

    Smile
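
The check suggested in post #2, as an added example that is not part of the thread or of Snort itself: a Python script that reports which `.rules` includes in a snort.conf are active, commented out, or point at a file that is not on disk. The sample configuration, its paths and the `audit_rule_includes` name are constructed for illustration.

```python
import os
import re

# Constructed sample snort.conf (not from the thread): two rule includes are
# commented out and the remaining one is checked for existence on disk.
SAMPLE_CONF = """\
var HOME_NET any
var RULE_PATH c:\\snort\\rules
include classification.config
# include $RULE_PATH/web-attacks.rules
#include $RULE_PATH/scan.rules
include $RULE_PATH/local.rules
"""

VAR_RE = re.compile(r"^\s*var\s+(\S+)\s+(\S+)")
INC_RE = re.compile(r"^\s*(#?)\s*include\s+(\S+\.rules)\s*$", re.IGNORECASE)


def audit_rule_includes(conf_text, exists=os.path.exists):
    """Classify every '*.rules' include as active, disabled or missing."""
    variables = {}
    report = {"active": [], "disabled": [], "missing": []}
    for line in conf_text.splitlines():
        var = VAR_RE.match(line)
        if var:
            variables[var.group(1)] = var.group(2)
            continue
        inc = INC_RE.match(line)
        if not inc:
            continue  # not a rules include (e.g. classification.config)
        commented, path = inc.groups()
        # Expand $NAME references such as $RULE_PATH; unknown names stay as-is.
        path = re.sub(r"\$(\w+)",
                      lambda m: variables.get(m.group(1), m.group(0)), path)
        if commented:
            report["disabled"].append(path)
        elif exists(path):
            report["active"].append(path)
        else:
            report["missing"].append(path)
    return report


if __name__ == "__main__":
    for state, paths in audit_rule_includes(SAMPLE_CONF).items():
        print(f"{state:9}{paths}")
```

An empty `active` list means no rule file is being loaded from the configuration, which is the first thing to rule out when the alert file stays empty.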

  3. #3
    I just downloaded a program called snot. This is supposed to generate alerts with the preprocessor stream4 turned off.

    But when I ran it, I mistakenly used the subnet mask 24 on my IP instead of the more specific 31. I sent 5 random packets with a max delay of 10 seconds. I noticed it did not send them to me. I specified 24.x.x.x/24, where 24.x.x.x is my IP address. But now I realize that will target a bunch of computers.

    I am worried that, with the 5 packets I sent to random hosts, I could get into legal trouble.

    I guess if anyone asks I could explain what happened, but I would prefer not to have a visitor late at night knocking at my door.

    Can anyone tell me if I have anything to worry about?
    test
