RE: [Snort-users] Snort config and setup Need you help - Please!

Subject: RE: [Snort-users] Snort config and setup Need you help - Please!
Date: Wed, 13 Jul 2005 14:00:43 -0500
Patrick,

Thanks for the direction and the information. I found the information and I
am looking into it to figure it out; as you know, sometimes it is hard to find
what you are looking for, but the topics discussed seem to be addressing my
issue.

Thanks,

Arthur

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net]On Behalf Of Patrick
Harper
Sent: Wednesday, July 13, 2005 5:40 AM
To: 'Arthur Chilipweli'; snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Snort config and setup Need you help -
Please!


Only if you have a true hub; just because it says hub, do not assume that it
is.  Search the archives for true hub and real hub for a lot more info.
This has been discussed here many times.

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Arthur
Chilipweli
Sent: Wednesday, July 13, 2005 3:27 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Snort config and setup Need you help - Please!

Hi,
Please, someone may be able to guide me in the right direction (I am a
newbie on Snort and Unix). I am not sure where I am going wrong. I have
installed Snort on a 1.3 Mhz PC with 512 RAM, and it is working fine (logging
traffic towards the box and the NIC where it is installed), but the problem I
have is that the only traffic I can see getting logged is towards the box I
have Snort installed on. A brief description of my setup:

I have three machines, Win 2000, Win Adv Server 2003 and Fedora Core 3 (Snort
is installed), all with 1 NIC in them, all connected to a hub, and the hub is
connected to my router and to my cable modem. I thought (but maybe I am
wrong) that Snort would be able to log all traffic on my tiny network as long
as I define my HOME_NET correctly. Below is the short snort.conf file:

var HOME_NET 192.168.1.0/24

# Set up the external network addresses as well.  A good start may be "any"
var EXTERNAL_NET any
# var EXTERNAL_NET !$HOME_NET

# Configure your server lists.  This allows snort to only look for attacks to
# systems that have a service up.  Why look for HTTP attacks if you are not
# running a web server?  This allows quick filtering based on IP addresses
# These configurations MUST follow the same configuration scheme as defined
# above for $HOME_NET.

# List of DNS servers on your network
var DNS_SERVERS [68.13.16.25,68.13.16.30]

# List of SMTP servers on your network
var SMTP_SERVERS [192.168.1.4]

# List of web servers on your network
var HTTP_SERVERS [192.168.1.4,192.168.1.100]

# List of sql servers on your network
var SQL_SERVERS $HOME_NET

# List of telnet servers on your network
var TELNET_SERVERS $HOME_NET

# List of snmp servers on your network
# var SNMP_SERVERS $HOME_NET

So with this setup, is there anything I am missing, or do I have a wrong
understanding of how a Snort setup should be? Please understand I am a
newbie, so I really need your education; I am trying to learn Unix.

Will really appreciate.

Thanks in advance,


Arthur A. Melvin





-------------------------------------------------------
This SF.Net email is sponsored by the 'Do More With Dual!' webinar happening
July 14 at 8am PDT/11am EDT. We invite you to explore the latest in dual
core and dual graphics technology at this free one hour event hosted by HP,
AMD, and NVIDIA.  To register visit http://www.hp.com/go/dualwebinar
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
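
Added example, not part of the original thread: a sensor that logs only traffic to its own address, as described above, is what a switching "hub" produces. The sketch classifies `tcpdump -n` lines captured on the sensor to tell the two cases apart; the sensor address 192.168.1.50, the sample lines and the threshold are constructed assumptions.

```python
import ipaddress
import re

# Matches the "IP src[.port] > dst[.port]:" part of a `tcpdump -n` line.
LINE_RE = re.compile(
    r"IP (\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?:")
BCAST = ipaddress.ip_address("255.255.255.255")

def classify(lines, sensor_ip, home_net):
    """Count packets by how they could have reached the sensor's NIC."""
    sensor = ipaddress.ip_address(sensor_ip)
    net = ipaddress.ip_network(home_net)
    counts = {"own": 0, "flooded": 0, "third_party": 0}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, IPv6 or anything else that is not IPv4
        src, dst = (ipaddress.ip_address(a) for a in m.groups())
        if sensor in (src, dst):
            counts["own"] += 1          # delivered to the sensor anyway
        elif dst.is_multicast or dst in (net.broadcast_address, BCAST):
            counts["flooded"] += 1      # a switch sends these to every port
        else:
            counts["third_party"] += 1  # unicast between two other hosts
    return counts

def verdict(counts, min_third_party=3):
    # A switch can leak a few frames for unknown MACs, hence a threshold
    # (the default of 3 is an assumption for this example).
    if counts["third_party"] >= min_third_party:
        return "shared"    # true hub, tap or mirror port
    return "switched"      # only own traffic plus broadcasts

# Constructed sample data; 192.168.1.50 as the sensor is an assumption.
SENSOR, HOME_NET = "192.168.1.50", "192.168.1.0/24"
SWITCHED = [
    "03:27:01.100000 IP 192.168.1.50.32768 > 68.13.16.25.53: UDP, length 30",
    "03:27:01.120000 IP 68.13.16.25.53 > 192.168.1.50.32768: UDP, length 46",
    "03:27:02.000000 IP 192.168.1.100.138 > 192.168.1.255.138: UDP, length 201",
    "03:27:03.400000 IP 192.168.1.1 > 192.168.1.50: ICMP echo request, length 64",
]
HUB = SWITCHED + [
    "03:27:04.000000 IP 192.168.1.100.1042 > 192.168.1.4.80: Flags [S], length 0",
    "03:27:04.010000 IP 192.168.1.4.80 > 192.168.1.100.1042: Flags [S.], length 0",
    "03:27:04.020000 IP 192.168.1.100.1042 > 192.168.1.4.80: Flags [.], length 0",
]

if __name__ == "__main__":
    for name, cap in (("switched", SWITCHED), ("hub", HUB)):
        print(name, classify(cap, SENSOR, HOME_NET))
```

A "switched" verdict means HOME_NET is not the problem: the sensor needs a true hub, a network tap or a switch mirror port before Snort can see the other hosts' traffic.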


