[Dshield] SNORT

Ed Greshko Edward.M.Greshko at syntegra.com
Tue Aug 14 01:14:27 GMT 2001


Hi,

All of your questions can be answered at www.snort.org.

Yes, you need a rules file to make SNORT work well...

Ed
  -----Original Message-----
  From: dshield-admin at dshield.org [mailto:dshield-admin at dshield.org]On
Behalf Of Mel Chandler PMI
  Sent: Tuesday, August 14, 2001 01:36
  To: 'dshield at dshield.org'
  Subject: [Dshield] SNORT


  I'm new to Linux and SNORT and was wondering if I could get some tips
and/or help.  I have installed SNORT v1.8 rpm on Red Hat 7.1, when it
complained about missing a file, which I believe was the rules file, I just
supplied it with a blank file.  I'm not sure if there are some sort of rules
I need to download or if it updates them itself.  I've been seeing a lot of
activity (80-90% ARP Broadcasts), but so far SNORT reports no activity.  Is
there a way to test it and ensure it is working ok.  Also, is there some
where I show get updated rules from?  I kept clicking on links on the
website for rules, but came to the download page and couldn't find anything.
Any help would be great.

  Mel L. Chandler, A+, Network+, MCNE, MCDBA, MCSE+I, CCNA
  MChandler at PMI.Delta.org
  Network Analyst
  Information Services
  PMI Delta Dental
  (562) 467-6627
  =========================
  = not many animals were harmed in =
  = ..... the making of this email ........ =
  =========================

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/list/attachments/20010814/bccf9cde/attachment.htm


More information about the list mailing list