Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Snort-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Snort-users] Serious Snort Bug Could Lead To Next Slammer

from [Ron Jenkins] Network Security [Permanent Link]
Subject: RE: [Snort-users] Serious Snort Bug Could Lead To Next Slammer
Date: Thu, 20 Oct 2005 07:39:19 -0500 
What is the deal with this guy!  He loves to complain before checking
for facts. 

I feel sorry for the Windows users!


-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Patrick
Harper
Sent: Thursday, October 20, 2005 7:37 AM
To: 'Michael Steele'; snort-users@lists.sourceforge.net
Subject: RE: [Snort-users] Serious Snort Bug Could Lead To Next Slammer

http://www.snort.org/rules/advisories/snort_update_20051018.html

Fixes and Mitigation Instructions Available for Snort Back Orifice
Vulnerability   Jennifer Steffens (Sourcefire) @ October 18, 2005
09:18:01

There is a link on the front page and on the news page


 
-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Michael
Steele
Sent: Thursday, October 20, 2005 6:39 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Serious Snort Bug Could Lead To Next Slammer

I found this:

http://www.crn.com/sections/breakingnews/dailyarchives.jhtml?articleId=1
7230
2520

No mention on Snort.org or in the list.

Kindest regards,
Michael...

WINSNORT.com Management Team Member
--
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support@winsnort.com
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org
-----Original Message-----
From: snort-users-admin@lists.sourceforge.net
[mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Igor
Belikov
Sent: Thursday, October 20, 2005 12:18 AM
To: snort-users@lists.sourceforge.net
Subject: Re[2]: [Snort-users] need help configuring snort + barnyard

Hello Chris,

Wednesday, October 19, 2005, 7:31:05 PM, you wrote:

CE> |   I configured snort to write both alert and log files in unified
CE> |   format. But I can't configure barnyard properly to store in DB
CE> |   detailed info about alerts.
CE> | 
CE> |   Barnyard "watch" alert files and stores info about alerts, but I
CE> |   need also store whole packets caused alert.

CE> It seems you don't need to have snort write both unified files.  All
the
CE> required info seems to be in the unified "log" file, so this is what
you
CE> want barnyard to read.  It's not at all clear to us what info is in
the
CE> unified "alert" file that's not *also* in the unified "log" file.
So we
CE> don't write a unified "alert" file at all.

It's sounds good, but I still can't configure snort + barnyard.

Last configs:

  - snort:

output log_unified: filename snort.log, limit 128

  - barnyard:

output log_acid_db: mysql, sensor_id 1, database snort, server x.x.x.x,
user
xxxxx, password xxxxx, detail full

In /log directory I see "snort.log.<timestamp>", "barnyard.waldo"
(with correct link to snort.log) and "alert" (with alerts produced by
snort).

Watching log files I see that barnyard works (link in waldo file
follows growing snort.log), but I don't get any new alerts in DB.

Using previous variant of configs (using unified alert) barnyard put
all alerts in DB.

Please, point me where I make mistake.

-- 
Best regards,
 Igor                            mailto:ivb@is.ua



-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads,
discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users







-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads,
discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads,
discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Snort-users] Serious Snort Bug Could Lead To Next Slammer, Patrick Harper
Next by Date:  Re: Fwd: Re: [Snort-users] Suppress alerts, Peter Rodger
Previous by Thread:  RE: [Snort-users] Serious Snort Bug Could Lead To Next Slammer, Ron Jenkins
Next by Thread:  RE: [Snort-users] Serious Snort Bug Could Lead To Next Slammer, Ron Jenkins
Indexes:  [Date] [Thread] [Top] [All Lists]