[15351] in bugtraq


Re: Snort 1.6 and nmap 2.54beta1

daemon@ATHENA.MIT.EDU (Galileo)
Thu Jun 15 14:20:48 2000

Message-ID:  <002301bfbe13$111c8100$e105f0d5@gal>
Date:         Mon, 15 May 2000 04:02:48 +0200
Reply-To: Galileo <galileo@MAILANDNEWS.COM>
From: Galileo <galileo@MAILANDNEWS.COM>
X-To:         H D Moore <hdm@secureaustin.com>
To: BUGTRAQ@SECURITYFOCUS.COM

> What parameters had you given snort?

-vl /temp/snort or just -l /temp/snort

> What ruleset are you using? (could be triggered by preprocessor)

No ruleset. If used with a ruleset, snort works fine.

snort -vc snort-lib ( or 06082k.rules ) -l /temp/snort   and everything is
okay.
I'm sorry about this; it looks like I alarmed a lot of people without a
reason, since very few people use snort without a ruleset.
When I found this I was playing with snort for the first time.
It looks like when a ruleset is applied all errors disappear.
For example, -vdC after a couple of minutes gives a "garbled" screen and you
have to log out to restore the screen, or
-vd gives this kind of error: "Got NULL ptr in PrintNetData" but still
continues to work.
But when a ruleset is applied no errors appear.

> What is your network topology?

I don't really have a network :). One machine with a vmware virtual machine
on top of it and a virtual network between them.
