[Wolves] Snort fun and games

Jono Bacon jono@kde.org
Fri Aug 23 02:45:01 2002


--- Adam Sweet wrote:

> Regrettably I can't help Jono, but I did look at my
> own Snort logs and there are a LOT of portscans,
> dodgy
> ICMP packets and proxy scans, a bit of a revelation
> really considering what crap we must attract when
> we're unprotected. Scary sh*t indeed.

It is indeed scary shit and this is the incentive to
get my Snort set up properly. I am however having some
trouble...


--- Jayne Heger <jayne@sphynx.clara.co.uk> wrote:
> I use Snort on a Smoothwall box, I don't know of any
> tools like nmap or 
> chkrootkit you could use for Snort.
> But a few weeks ago I joined a mailing list for
> FreeSwan as me and my 
> boyfriend are currently trying to set up a VPN
> connection and the amount of 
> alerts I have had, people sending viruses (mailing
> list is unmoderated) and 
> it appearing on my Snort logs. For example :-
> Date:
> 08/19 16:13:07
> Name:
> Virus - Possible scr Worm
> Priority:
> 3
> Type:
> Misc activity
> IP info:
> 195.8.69.217:110 -> 217.158.132.78:61002
> References:
>  none found

It is these kinds of logs that don't seem to be getting
generated for me. I have set up Snort, configured it as
I think it should be, and it just isn't generating
logs. Is there a way to check the rule files are being
loaded?

I am also using Acidlab to view the data. This is
working but again doesn't show the alerts (alerts are
not in either the MySQL DB or in /var/log/snort).

This is indeed...confusing the hell out of my little
brain.

      Jono

=====
Jono Bacon - [vmlinuz] - jonoATkdeDOTorg
KDE Developer - Diary: http://www.advogato.org/person/jono/
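One concrete way to answer the question in the post above ("is there a way to check the rule files are being loaded?"): Snort itself can be started in test mode (snort -T -c snort.conf) to parse the config and exit, but a cheap first check is to resolve every include line in snort.conf yourself and count how many live rules each file actually contributes. The script below is an added example written for this thread, not something from the original mail or from the Snort project; it builds a constructed, throwaway snort.conf and rules directory so it runs offline, and the file names, the RULE_PATH layout and the "missing.rules" include are all assumptions made for the demonstration. A rule file that the config includes but which is absent, or a rule set where every line is commented out, is exactly the kind of silent misconfiguration that leaves /var/log/snort empty.

```shell
#!/bin/sh
# Added example (not part of the original post): sanity-check a snort.conf
# by resolving each 'include' against RULE_PATH and counting the rules that
# are actually enabled in every included file.

# Build a constructed sample config tree in a temp dir and print its path.
# The contents are made up for this demo, including a deliberately missing
# rules file, so the checker has something to complain about.
make_sample_config() {
  dir=$(mktemp -d)
  mkdir -p "$dir/rules"
  cat > "$dir/snort.conf" <<'EOF'
var HOME_NET any
var RULE_PATH rules
include $RULE_PATH/local.rules
include $RULE_PATH/virus.rules
include $RULE_PATH/missing.rules
EOF
  cat > "$dir/rules/local.rules" <<'EOF'
# local rules (constructed sample)
alert icmp any any -> $HOME_NET any (msg:"ICMP test"; sid:1000001; rev:1;)
#alert tcp any any -> $HOME_NET 80 (msg:"disabled rule"; sid:1000002; rev:1;)
EOF
  cat > "$dir/rules/virus.rules" <<'EOF'
alert tcp any 110 -> $HOME_NET any (msg:"Virus - Possible scr Worm"; sid:1000003; rev:1;)
alert tcp any 110 -> $HOME_NET any (msg:"Virus - Possible pif Worm"; sid:1000004; rev:1;)
EOF
  echo "$dir"
}

# Count enabled rule lines in one file: lines starting with an action
# keyword. Commented-out rules (#alert ...) are not counted.
count_rules() {
  grep -cE '^[[:space:]]*(alert|log|pass|drop)[[:space:]]' "$1" || true
}

# Resolve every include in the config, print "<file> <enabled rules>" or
# "MISSING <file>", then a "total N" line. Returns 0 only when nothing is
# missing and at least one rule is enabled overall.
check_includes() {
  conf=$1
  confdir=$(dirname "$conf")
  rule_path=$(sed -n 's/^var RULE_PATH[[:space:]]*//p' "$conf")
  total=0
  missing=0
  for f in $(awk -v rp="$rule_path" \
      '$1 == "include" { p = $2; sub(/\$RULE_PATH/, rp, p); print p }' "$conf"); do
    case $f in
      /*) path=$f ;;                 # absolute include
      *)  path=$confdir/$f ;;        # relative to the config file
    esac
    if [ -r "$path" ]; then
      n=$(count_rules "$path")
      echo "$path $n"
      total=$((total + n))
    else
      echo "MISSING $path"
      missing=1
    fi
  done
  echo "total $total"
  if [ "$missing" -eq 0 ] && [ "$total" -gt 0 ]; then
    return 0
  else
    return 1
  fi
}

# Stand-alone usage: build the sample tree, run the check, clean up.
if [ "${RUN_DEMO:-1}" = 1 ]; then
  sample=$(make_sample_config)
  check_includes "$sample/snort.conf" || echo "config problems found"
  rm -rf "$sample"
fi
```

Run it against a real installation with check_includes /etc/snort/snort.conf (path assumed); a "MISSING" line or "total 0" means Snort has no rule to match and will never write an alert, whatever the sensor sees. Snort's own -T test mode remains the authoritative check, since it also catches rule syntax errors this script does not look at.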
