Re: Snort IDS

2019-09-18 Thread john doe
On 9/18/2019 11:46 AM, Mattia wrote: > Hello, > > I have some problems with snort on debian that have already been reported > but the current maintainer seems not active. > From what I found online it seems that snort is the most used IDS, so I > find it quite odd that it's not maintained in Debian.

Re: Snort IDS

2019-09-18 Thread Jochen Spieker
Mattia: > > I have some problems with snort on debian that have already been reported but > the current maintainer seems not active. > From what I found online it seems that snort is the most used IDS, so I find > it quite odd that it's not maintained in Debian. Looking at popcon data[1] it appears

Re: snort on ossim

2010-03-24 Thread Stan Hoeppner
Kaushal Shriyan put forth on 3/24/2010 9:29 PM: > On Thu, Mar 25, 2010 at 7:49 AM, Ron Johnson wrote: >> On 2010-03-24 20:59, Kaushal Shriyan wrote: >>> >>> Hi, >>> >>> can i discuss about ossim >>> http://www.alienvault.com/community.php?section=Home in this mailing >>> list. >> >> Depends. What

Re: snort on ossim

2010-03-24 Thread Kaushal Shriyan
On Thu, Mar 25, 2010 at 7:49 AM, Ron Johnson wrote: > On 2010-03-24 20:59, Kaushal Shriyan wrote: >> >> Hi, >> >> can i discuss about ossim >> http://www.alienvault.com/community.php?section=Home in this mailing >> list. > > Depends.  What's to say that isn't marketing fluff and is vaguely relevan

Re: snort on ossim

2010-03-24 Thread Ron Johnson
On 2010-03-24 20:59, Kaushal Shriyan wrote: Hi, can i discuss about ossim http://www.alienvault.com/community.php?section=Home in this mailing list. Depends. What's to say that isn't marketing fluff and is vaguely relevant to Debian? -- "History does not long entrust the care of freedom to

Re: Snort (debian (etch) always ago)

2008-10-28 Thread Chris Bannister
On Mon, Oct 27, 2008 at 10:40:03AM -0500, John Hasler wrote: > Teemu Likonen writes: > > However, it is possible to use newer software in Debian stable. You can > > do this by downloading a source package from Debian testing (or even > > unstable) and compile it in Debian stable. > > Better yet, g

Re: Snort (debian (etch) always ago)

2008-10-27 Thread John Hasler
Teemu Likonen writes: > However, it is possible to use newer software in Debian stable. You can > do this by downloading a source package from Debian testing (or even > unstable) and compile it in Debian stable. Better yet, get backported packages from where Debian devel

Re: Snort (debian (etch) always ago)

2008-10-27 Thread Teemu Likonen
Márcio Luciano Donada (2008-10-27 09:28 -0200): > Because debian (etch) while still maintaining version 2.3.3. FreeBSD, > for example current already uses the version 2.8.2.2. Why not at least > debian stable places in the version 2.4, I have problems to update the > rules with the oinkmaster Deb

Re: Snort (debian (etch) always ago)

2008-10-27 Thread Henri Salo
On Mon, Oct 27, 2008 at 09:28:35AM -0200, Márcio Luciano Donada wrote: > Hi list, > > Because debian (etch) while still maintaining version 2.3.3. FreeBSD, > for example current already uses the version 2.8.2.2. Why not at least > debian stable places in the version 2.4, I have problems to update t

Re: Snort (debian (etch) always ago)

2008-10-27 Thread jeffrin Jose
Márcio Luciano Donada wrote: Hi list, Because debian (etch) while still maintaining version 2.3.3. FreeBSD, for example current already uses the version 2.8.2.2. Why not at least debian stable places in the version 2.4, I have problems to update the rules with the oinkmaster thnx. try using

Re: Snort (debian (etch) always ago)

2008-10-27 Thread Eduardo M KALINOWSKI
Márcio Luciano Donada wrote: > Hi list, > > Because debian (etch) while still maintaining version 2.3.3. FreeBSD, > for example current already uses the version 2.8.2.2. Why not at least > debian stable places in the version 2.4, I have problems to update the > rules with the oinkmaster > Yo

Re: snort: dropping packages from skype

2006-03-24 Thread Scott
Romulo Sousa spake thusly on 03/21/2006 01:15 PM: > Hello folks, > > I have a network in which a lot of users are using Skype and, in this > way, causing slowness on the whole network. iptables doesn't help me > since some articles i've seen Google this subject told me that there > is some kindda

Re: snort question

2006-03-09 Thread Bryan Donlan
On 3/4/06, Jude DaShiell <[EMAIL PROTECTED]> wrote: > It appears oinkmaster may not be useable. Running it to download new > rules fails with an error 404 in the wget-log file. That or perhaps it's > necessary to give it a specific rules file to download may be necessary. The snort rules require

Re: Snort Messages may not be Telling Me Much.

2004-12-07 Thread André Carezia
Martin wrote: > I've got snort installed and running on Debian3.0. It runs > fine but I never get any thing in the report Emails that I receive > each day. You should upgrade to Snort 2.x, so you can get signatures updates. Snort is not really useful without recent signatures: http://www

Re: Snort Messages may not be Telling Me Much.

2004-12-04 Thread Martin McCormick
David Mandelberg writes: >I'm having the same problem. From what I hear, a solution has something >to do with acidlab, but I'm not sure. Thanks. I have another Linux system at work running the same version and I noticed it also has the same problem. Martin McCormick

Re: Snort Messages may not be Telling Me Much.

2004-12-04 Thread David Mandelberg
I'm having the same problem. From what I hear, a solution has something to do with acidlab, but I'm not sure. Martin McCormick wrote: > I've got snort installed and running on Debian3.0. It runs > fine but I never get any thing in the report Emails that I receive > each day. The messages h

RE: snort logging in mysql on Debian!

2004-11-21 Thread NabilM
EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: snort logging in mysql on Debian! --- [EMAIL PROTECTED] wrote: > > Fellows, > > Can you guide me or point me to some document(s) that would allow me to /usr/share/doc// http://localhost/doc/ > setup snort/acid on Debian. I am especial

Re: snort logging in mysql on Debian!

2004-11-17 Thread Mike Mestnik
--- [EMAIL PROTECTED] wrote: > > Fellows, > > Can you guide me or point me to some document(s) that would allow me to /usr/share/doc// http://localhost/doc/ > setup snort/acid on Debian. I am especially interested on running snort > and acid (apache/mysql etc) on the same machine. > > If you

Re: Snort default config ?

2004-08-26 Thread Tim Kelley
On Thu, Aug 26, 2004 at 10:27:33AM -0500, Lance Hoffmeyer wrote: > Installed snort the other day and I am getting daily reports > from the default setup. I did nothing but install. > > So, is there anything I should/need do to this default config > for simple monitoring or/and a bit of added secu

Re: snort

2004-03-08 Thread Nejc Novak
Hi! I've figured out the problem. There is a script in cron.daily called 5snort and it searches /var/log/auth.log for snort reports, not /var/log/snort/sth. Therefore you need to have snort configured to send alert messages also to syslog. You have to edit /etc/init.d/snort and add an '-s' option

Re: snort

2004-03-08 Thread Joost De Cock
On Monday 08 March 2004 13:27, Nejc Novak shoved this in my mailbox: > Hi! > > I have installed snort on debian stable. Snort sends me e-mail report, but > it is empty. I believe it has sth to do with logrotate, but i don't know > how to fix it. Help please. Check in your crontab what is sending y

Re: snort on router - risks?

2003-08-19 Thread Marcus Schopen
Jeffrey L. Taylor wrote: Quoting Marcus Schopen <[EMAIL PROTECTED]>: Hi, on my DSL-router (masquerading) at home I'd like to install snort to see who attacks me from the internet side. I know that one should install snort on a separate hosts before and behind the firewall to get the best resul

Re: snort on router - risks?

2003-08-18 Thread Marcus Schopen
Jeffrey L. Taylor wrote: Quoting Marcus Schopen <[EMAIL PROTECTED]>: Hi, on my DSL-router (masquerading) at home I'd like to install snort to see who attacks me from the internet side. I know that one should install snort on a separate hosts before and behind the firewall to get the best resul

Re: snort on router - risks?

2003-08-18 Thread Jeffrey L. Taylor
Quoting Marcus Schopen <[EMAIL PROTECTED]>: > Hi, > > on my DSL-router (masquerading) at home I'd like to install snort to see > who attacks me from the internet side. I know that one should install > snort on a separate hosts before and behind the firewall to get the best > results, but this is

Re: snort log has a bunch of different attacks - should I be worried

2003-03-08 Thread nate
Shri Shrikumar said: > Thanks nate. Is there a site which lists these things in more detail so I > know if the ones that show up are safe or not. http://www.whitehats.com/ids/ is the only one I know of nate

Re: snort log has a bunch of different attacks - should I be worried

2003-03-08 Thread Carla Schroder
On Saturday 08 March 2003 8:40 am, Shri Shrikumar wrote: > Re: snort log has a bunch of different attacks - should I be worried > From: Shri Shrikumar <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > > On Sat, 2003-03-08 at 15:54, nate wrote: > > Shri Shrikumar said: >

Re: snort log has a bunch of different attacks - should I be worried

2003-03-08 Thread Shri Shrikumar
On Sat, 2003-03-08 at 15:54, nate wrote: > Shri Shrikumar said: > > Hello, > > > > I have been running a server for a few months now for a hobby site and had > > installed snort. I have reports of a whole range of attacks on the server > > IP including > > in default configuration snort will detec

Re: snort log has a bunch of different attacks - should I be worried

2003-03-08 Thread nate
Shri Shrikumar said: > Hello, > > I have been running a server for a few months now for a hobby site and had > installed snort. I have reports of a whole range of attacks on the server > IP including in default configuration snort will detect about 97-99% false positives as far as "intrusion" goes

Re: Snort Remove errors

2002-12-24 Thread Colin Watson
On Tue, Dec 24, 2002 at 01:09:51PM -0700, Dana J. Laude wrote: > Removing snort ... > /etc/init.d/snort: var: command not found > dpkg: error processing snort (--remove): > subprocess pre-removal script returned error exit status 127 Please file a bug report about this. Cheers, -- Colin Watson

Re: Snort Remove errors

2002-12-24 Thread nate
Dana J. Laude said: > Greetings everyone. > > I'm having trouble removing the snort package. Here's the info: > /etc/init.d/snort: var: command not found I would reinstall it and remove it again. if that error comes up check out that script for any occurrences of 'var' and remove them (backup the

Re: Snort on Debian - no alerts? no reports?

2002-06-24 Thread Juergen Fiedler
On Mon, 2002-06-24 at 07:53, T. wrote: > Hi, > > Debian Unstable > snort: > Installed: 1.8.6-3 > Candidate: 1.8.6-3 > > I have installed snort and I'm getting no email alerts, and the daily > reports are blank. The version of snort-stat that is packaged with that one is somewhat messed up:

Re: snort question

2002-02-12 Thread nate
> Hi, I haven't used snort before and wanted to see where the > incoming traffic to my external ip is coming from. Can I do this > with a machine behind the router? I mean, the deb machine is > sitting on a 192x and I want to see the incoming traffic on the > external ip. Is this possible or do

Re: Snort - syslog, docs & packages [longish]

2001-10-05 Thread Colin Watson
On Fri, Oct 05, 2001 at 01:15:16PM -0400, Robb Kidd wrote: > [packages] Also, I notice that snort is also suffering from poor > package descriptions. snort, snort-common, snort-doc, snort-mysql and > snort-rules-default all seem to have the following: [...] > ... which doesn't really he

Re: Snort with postgres logging

2001-09-21 Thread Martin F Krafft
servus, > I want to install snort an my firewall, but didn't want the logging to be > done on that box but on an box with postgres installed (7.1 on potato). > And i don't want both db on that machine (political reason :). by the changelog on woody, mfr added that support on 2000-07-06: * Ne

Re: Snort report questions

2001-09-06 Thread Karsten M. Self
on Wed, Sep 05, 2001 at 07:14:52PM -0400, Paul M Foster ([EMAIL PROTECTED]) wrote: > See the following message emitted by snort. The 207.* and 206.* > addresses below are my ISP nameservers. The 192.* address is my wife's > Windows machine on the network. I received the message at my machine. > A

Re: Snort

2001-08-15 Thread Fredrik Jagenheim
On Wed, Aug 15, 2001 at 10:30:55AM -0500, Michael Heldebrant wrote: > On 15 Aug 2001 15:15:00 +1000, Craig W wrote: > > > putatively stable package. Maybe the maintainer of the package > has some more insight. Robert van der Meulen <[EMAIL PROTECTED]> is > listed. Give him an email. Don't cou

Re: Snort

2001-08-15 Thread Michael Heldebrant
On 15 Aug 2001 15:15:00 +1000, Craig W wrote: > > Debian 2.2 Potato > Perl 5.005_03 > Total fresh install. > > > - Original Message - > From: "Michael Heldebrant" <[EMAIL PROTECTED]> > To: "Craig W" <[EMAIL PROTECTED]> >

Re: Snort

2001-08-14 Thread Michael Heldebrant
On 15 Aug 2001 13:06:09 +1000, Craig W wrote: > Hi, > > Real Newbie to Debian, wondering if anyone could help me to correct an issue > I am having with installing Snort. > > apt-get install snort > > Setting up snort (1.5.1-11) ... > Can't call method "template" on an undefined value at > /usr/l

Re: snort-stat not reporting

2001-07-30 Thread Sebastiaan
Hello, On Wed, 25 Jul 2001, Isetro Savi wrote: > I'm running Debian unstable and the snort-stat script does not do > reporting correctly. All I receive is a blank e-mail in place of the > proper statistics it should create. I run testing and I have the same problem. I thought that there was noth

Re: snort-stat not reporting

2001-07-25 Thread John Galt
Make sure to include the patch; they like patches, especially if they work. On Wed, 25 Jul 2001, Isetro Savi wrote: >No, I did not - guess I'll head over to debian.org and do that. > >On Tue, Jul 24, 2001 at 11:36:53PM -0600, John Galt wrote: >> >> Did you report a bug? >> >> On Wed, 25 Jul 2001

Re: snort-stat not reporting

2001-07-25 Thread Isetro Savi
No, I did not - guess I'll head over to debian.org and do that. On Tue, Jul 24, 2001 at 11:36:53PM -0600, John Galt wrote: > > Did you report a bug? > > On Wed, 25 Jul 2001, Isetro Savi wrote: > > >I'm running Debian unstable and the snort-stat script does not do > >reporting correctly. All I

Re: snort-stat not reporting

2001-07-25 Thread John Galt
Did you report a bug? On Wed, 25 Jul 2001, Isetro Savi wrote: >I'm running Debian unstable and the snort-stat script does not do >reporting correctly. All I receive is a blank e-mail in place of the >proper statistics it should create. > >After a little bit of troubleshooting, I have made a cha

Re: [Sebastiaan ] Re: snort dies

2001-07-24 Thread Sebastiaan
Thank you. I will try it. Greetz, Sebastiaan -- NT is the OS of the future. The main engine is the 16-bit Subsystem (also called MS-DOS Subsystem). Above that, there is the windoze 95/98 16-bit Subsystem. Anyone can see that 16+16=32, so windoze NT is a *real* 32-bit system. On 24 Ju

[Sebastiaan ] Re: snort dies

2001-07-23 Thread Patrick Cheong Shu Yang
I have been running snort on Potato/Woody machines and have also come across similar problems. My solution:- Removed the 5snort script and attached additional lines to logrotate to re-start snort once the logs have been rotated. I also made a script which will monitor the snort/swatch/qpage proces

Re: snort dies

2001-07-23 Thread Sebastiaan
Hello, On Sun, 22 Jul 2001, Martin F. Krafft wrote: > hey all, > i looked in the debian bug system, and aside it being mentioned, i > have not found an answer. /etc/cron.daily/5snort seems to kill snort > when configured in start-at-boot mode. however, if i run the cron > script manually, it rest

Re: Snort config

2001-05-18 Thread Francois Gouget
On Fri, 18 May 2001, Iwan Mouwen wrote: > * John Galt <[EMAIL PROTECTED]> [010516 15:24]: > > >DEBIAN_SNORT_STATS_RCPT="root" > > ^ > > Change this just on principle: using root to check system email is just > > another thing you can do as a user and not have to be lo

Re: Snort config

2001-05-18 Thread Iwan Mouwen
* John Galt <[EMAIL PROTECTED]> [010516 15:24]: > >DEBIAN_SNORT_STATS_RCPT="root" > ^ > Change this just on principle: using root to check system email is just > another thing you can do as a user and not have to be logged in as root so > much... > Why? # vi /etc/al

Re: Snort config

2001-05-17 Thread John Galt
On Wed, 16 May 2001, Oki DZ wrote: >John Galt wrote: >> Expect changes when woody freezes: the file you reference is >> snort.debian.conf in testing/unstable...snort.conf is a real snort.conf >> (more in line with the upstream...) > >I see. >I've been running on potato (current stable, right?); we

Re: Snort config

2001-05-17 Thread Oki DZ
John Galt wrote: > Expect changes when woody freezes: the file you reference is > snort.debian.conf in testing/unstable...snort.conf is a real snort.conf > (more in line with the upstream...) I see. I've been running on potato (current stable, right?); well, for the machine that directly connected

Re: Snort config

2001-05-16 Thread John Galt
On Wed, 16 May 2001, Oki DZ wrote: >Hi, > >I have the following: >[EMAIL PROTECTED]:~$ more /etc/snort/snort.conf ^ Expect changes when woody freezes: the file you reference is snort.debian.conf in testing/unstable...snort.conf is a real snort.conf (more in l