June 13th, 2005, 10:08 PM
#14
Snail: You weren't "troubling me".
The simple fact is that your inability to get the system working doesn't bode well for your ability to understand its output.
Simple questions for you to ask yourself:-
1. If you go through the Snort rules one by one without even looking at the documentation for each rule can you determine from the rule what it is detecting, why and what the potential consequences are?
2. Then try reading the documentation for each rule and see if you can work out the same.
3. Even if you manage to work it out can you determine how you would find out if the attack were successful or not?
Snort is not an Intrusion Prevention System. It does _nothing_ to protect you... It doesn't care about you or your security policy... It simply sits there and watches the data stream and giggles every time it sees an exploit fly by. Yes, it'll tell you "Guess what, Skiddie #7 just attacked your primary web server with <insert exploit here>.... Buuuuummer....."
Learning about it is all very well and I applaud you for it.... If you study Snort as a vehicle to understand networking, exploits, information gathering etc. then good.... great.... But don't try to use it as a defensive system without using actual defensive systems that work automatically without any input by you.
If you do it'll end in tears......
'nuff said?
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides