[ale] RE: Snort
Christopher Fowler
cfowler at outpostsentinel.com
Tue Aug 19 14:35:47 EDT 2003
check this out:
http://66.23.198.2/snort-shot.png
What are all these cyber-ket clients doing? I've just been running this
thing for 15 minutes and I'm getting this much ICMP traffic?
Chris
On Tue, Aug 19, 2003 at 01:50:39PM -0400, Transam wrote:
> On Tue, Aug 19, 2003 at 01:20:30PM -0400, Christopher Fowler wrote:
>
> > This snort program is really cool. I've got it logging to a
> > directory called /tmp/sno. It seems that you can have it go
> > into a database. Will it dump the package data into the database or
> > just the header info? I want to make sure the database does not
> > grow uncontrollably. My database is behind the firewall so I can just
> > dump there. It may be feasible to create a wiretap.
>
>
> > -- Rx [ ] --- [ ] Rx --
> > -- Tx [ ] --- [ ] Tx --
> > |
> > | Rx
> > [ ]
> > [ ] Snort.
>
>
> > Would this be the correct cable configuration? I assume that I'll
> > need to send Rx+ and Rx- to the IDS but do not need to worry
> > about Tx+ and Tx-.
>
> Correct.
>
> > Chris
>
> Bob Toxen
> bob at verysecurelinux.com [Please use for email to me]
> http://www.verysecurelinux.com [Network&Linux/Unix security consulting]
> http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
> Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
>
> "Microsoft: Unsafe at any clock speed!"
> -- Bob Toxen 10/03/2002
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale