Re: [FreeBSD] About Snort

2006-03-24 Thread Deniz
Thanks, I found the error; as you said, it was in the output line. By the way,
I would like to ask something: does Snort work together with ipfw, that is,
something like adding ipfw rules according to the incoming alerts?

-----Original message-----
From: Huzeyfe Onal [EMAIL PROTECTED]
Date: Fri, 24 Mar 2006 16:06:33 +0200
To: freebsd@lists.enderunix.org
Subject: Re: [FreeBSD] About Snort

 Hello,

Could you send the output lines from your snort.conf file? The problem appears
to be in those lines.

On 3/23/06, Deniz Tosun [EMAIL PROTECTED] wrote:

 Hello friends, I installed Snort and the ACID components (Apache, PHP,
 MySQL, etc.) on FreeBSD 4.11. Everything works except one thing, and that is
 Snort.

 After I start it, it says "starting" and then the program exits. When I
 looked in messages it was giving the error below. What could the problem be?



 Mar 23 20:41:44 bsd snort: PID path stat checked out ok, PID path set to /var/run/
 Mar 23 20:41:44 bsd snort: Writing PID 33588 to file /var/run//snort_lnc0.pid
 Mar 23 20:41:44 bsd snort: ,---[Flow Config]--
 Mar 23 20:41:44 bsd snort: | Stats Interval: 0
 Mar 23 20:41:44 bsd snort: | Hash Method: 2
 Mar 23 20:41:45 bsd snort: | Memcap: 10485760
 Mar 23 20:41:45 bsd snort: | Rows : 4099
 Mar 23 20:41:45 bsd snort: | Overhead Bytes: 16400(%0.16)
 Mar 23 20:41:45 bsd snort: `------
 Mar 23 20:41:45 bsd snort: HttpInspect Config:
 Mar 23 20:41:45 bsd snort: GLOBAL CONFIG
 Mar 23 20:41:45 bsd snort: Max Pipeline Requests: 0
 Mar 23 20:41:45 bsd snort: Inspection Type: STATELESS
 Mar 23 20:41:45 bsd snort: Detect Proxy Usage: NO
 Mar 23 20:41:45 bsd snort: IIS Unicode Map Filename: /usr/local/etc/unicode.map
 Mar 23 20:41:45 bsd snort: IIS Unicode Map Codepage: 1252
 Mar 23 20:41:45 bsd snort: DEFAULT SERVER CONFIG:
 Mar 23 20:41:45 bsd snort: Ports:
 Mar 23 20:41:45 bsd snort: 80
 Mar 23 20:41:45 bsd snort: 8080
 Mar 23 20:41:45 bsd snort: 8180
 Mar 23 20:41:45 bsd snort:
 Mar 23 20:41:45 bsd snort: Flow Depth: 300
 Mar 23 20:41:45 bsd snort: Max Chunk Length: 500000
 Mar 23 20:41:45 bsd snort: Inspect Pipeline Requests: YES
 Mar 23 20:41:45 bsd snort: URI Discovery Strict Mode: NO
 Mar 23 20:41:45 bsd snort: Allow Proxy Usage: NO
 Mar 23 20:41:45 bsd snort: Disable Alerting: NO
 Mar 23 20:41:45 bsd snort: Oversize Dir Length: 500
 Mar 23 20:41:45 bsd snort: Only inspect URI: NO
 Mar 23 20:41:45 bsd snort: Ascii: YES alert: NO
 Mar 23 20:41:45 bsd snort: Double Decoding: YES alert: YES
 Mar 23 20:41:45 bsd snort: %U Encoding: YES alert: YES
 Mar 23 20:41:45 bsd snort: Bare Byte: YES alert: YES
 Mar 23 20:41:45 bsd snort: Base36: OFF
 Mar 23 20:41:45 bsd snort: UTF 8: OFF
 Mar 23 20:41:45 bsd snort: IIS Unicode: YES alert: YES
 Mar 23 20:41:45 bsd snort: Multiple Slash: YES alert: NO
 Mar 23 20:41:45 bsd snort: IIS Backslash: YES alert: NO
 Mar 23 20:41:45 bsd snort: Directory Traversal: YES alert: NO
 Mar 23 20:41:45 bsd snort: Web Root Traversal: YES alert: YES
 Mar 23 20:41:45 bsd snort: Apache WhiteSpace: YES alert: YES
 Mar 23 20:41:45 bsd snort: IIS Delimiter: YES alert: YES
 Mar 23 20:41:45 bsd snort: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
 Mar 23 20:41:45 bsd snort: Non-RFC Compliant Characters:
 Mar 23 20:41:45 bsd snort: NONE
 Mar 23 20:41:45 bsd snort:
 Mar 23 20:41:45 bsd snort: rpc_decode arguments:
 Mar 23 20:41:45 bsd snort: Ports to decode RPC on: 111 32771
 Mar 23 20:41:45 bsd snort: alert_fragments: INACTIVE
 Mar 23 20:41:45 bsd snort: alert_large_fragments: ACTIVE
 Mar 23 20:41:45 bsd snort: alert_incomplete: ACTIVE
 Mar 23 20:41:45 bsd snort: alert_multiple_requests: ACTIVE
 Mar 23 20:41:45 bsd snort: telnet_decode arguments:
 Mar 23 20:41:45 bsd snort: Ports to decode telnet on: 21 23 25 119
 Mar 23 20:41:45 bsd snort: FATAL ERROR: unknown output plugin: '-mode'
 Mar 23 20:41:45 bsd /kernel: lnc0: promiscuous mode disabled




--
Huzeyfe ÖNAL
---
First Turkish Qmail book is out! Go check it.
Have you heard! Turkey's first Qmail book is out.
http://www.acikakademi.com/catalog/qmail/






Re: [FreeBSD] About Snort

2006-03-24 Thread Huzeyfe Onal
Hello,

Yes, it works. If you look at http://freebsd.rogness.net/snort_inline/ you can find detailed information on the subject.

In addition, you can also look into SnortSam. It provides firewall plugins for many of the firewalls on the market (OpenBSD PF, Linux Iptables, Checkpoint NG.., Cisco PIX ..).

Best regards...

On 3/24/06, Deniz [EMAIL PROTECTED] wrote:
 Thanks, I found the error; as you said, it was in the output line. By the way, I would like to ask something: does Snort work together with ipfw, that is, something like adding ipfw rules according to the incoming alerts?
--
Huzeyfe ÖNAL
---
First Turkish Qmail book is out! Go check it.
Have you heard! Turkey's first Qmail book is out.
http://www.acikakademi.com/catalog/qmail/


Re: [FreeBSD] About Snort

2006-03-23 Thread Huzeyfe Onal
Hello,

Could you send the output lines from your snort.conf file? The problem appears to be in those lines.

On 3/23/06, Deniz Tosun [EMAIL PROTECTED] wrote:

Hello friends, I installed Snort and the ACID components (Apache, PHP,
MySQL, etc.) on FreeBSD 4.11. Everything works except one thing, and that is
Snort.

After I start it, it says "starting" and then the program exits. When I
looked in messages it was giving the error below. What could the problem be?



Mar 23 20:41:44 bsd snort: PID path stat checked out ok, PID path set to /var/run/
Mar 23 20:41:44 bsd snort: Writing PID 33588 to file /var/run//snort_lnc0.pid
Mar 23 20:41:44 bsd snort: ,---[Flow Config]--
Mar 23 20:41:44 bsd snort: | Stats Interval: 0
Mar 23 20:41:44 bsd snort: | Hash Method: 2
Mar 23 20:41:45 bsd snort: | Memcap: 10485760
Mar 23 20:41:45 bsd snort: | Rows : 4099
Mar 23 20:41:45 bsd snort: | Overhead Bytes: 16400(%0.16)
Mar 23 20:41:45 bsd snort: `--
Mar 23 20:41:45 bsd snort: HttpInspect Config:
Mar 23 20:41:45 bsd snort: GLOBAL CONFIG
Mar 23 20:41:45 bsd snort: Max Pipeline Requests: 0
Mar 23 20:41:45 bsd snort: Inspection Type: STATELESS
Mar 23 20:41:45 bsd snort: Detect Proxy Usage: NO
Mar 23 20:41:45 bsd snort: IIS Unicode Map Filename: /usr/local/etc/unicode.map
Mar 23 20:41:45 bsd snort: IIS Unicode Map Codepage: 1252
Mar 23 20:41:45 bsd snort: DEFAULT SERVER CONFIG:
Mar 23 20:41:45 bsd snort: Ports:
Mar 23 20:41:45 bsd snort: 80
Mar 23 20:41:45 bsd snort: 8080
Mar 23 20:41:45 bsd snort: 8180
Mar 23 20:41:45 bsd snort:
Mar 23 20:41:45 bsd snort: Flow Depth: 300
Mar 23 20:41:45 bsd snort: Max Chunk Length: 500000
Mar 23 20:41:45 bsd snort: Inspect Pipeline Requests: YES
Mar 23 20:41:45 bsd snort: URI Discovery Strict Mode: NO
Mar 23 20:41:45 bsd snort: Allow Proxy Usage: NO
Mar 23 20:41:45 bsd snort: Disable Alerting: NO
Mar 23 20:41:45 bsd snort: Oversize Dir Length: 500
Mar 23 20:41:45 bsd snort: Only inspect URI: NO
Mar 23 20:41:45 bsd snort: Ascii: YES alert: NO
Mar 23 20:41:45 bsd snort: Double Decoding: YES alert: YES
Mar 23 20:41:45 bsd snort: %U Encoding: YES alert: YES
Mar 23 20:41:45 bsd snort: Bare Byte: YES alert: YES
Mar 23 20:41:45 bsd snort: Base36: OFF
Mar 23 20:41:45 bsd snort: UTF 8: OFF
Mar 23 20:41:45 bsd snort: IIS Unicode: YES alert: YES
Mar 23 20:41:45 bsd snort: Multiple Slash: YES alert: NO
Mar 23 20:41:45 bsd snort: IIS Backslash: YES alert: NO
Mar 23 20:41:45 bsd snort: Directory Traversal: YES alert: NO
Mar 23 20:41:45 bsd snort: Web Root Traversal: YES alert: YES
Mar 23 20:41:45 bsd snort: Apache WhiteSpace: YES alert: YES
Mar 23 20:41:45 bsd snort: IIS Delimiter: YES alert: YES
Mar 23 20:41:45 bsd snort: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Mar 23 20:41:45 bsd snort: Non-RFC Compliant Characters:
Mar 23 20:41:45 bsd snort: NONE
Mar 23 20:41:45 bsd snort:
Mar 23 20:41:45 bsd snort: rpc_decode arguments:
Mar 23 20:41:45 bsd snort: Ports to decode RPC on: 111 32771
Mar 23 20:41:45 bsd snort: alert_fragments: INACTIVE
Mar 23 20:41:45 bsd snort: alert_large_fragments: ACTIVE
Mar 23 20:41:45 bsd snort: alert_incomplete: ACTIVE
Mar 23 20:41:45 bsd snort: alert_multiple_requests: ACTIVE
Mar 23 20:41:45 bsd snort: telnet_decode arguments:
Mar 23 20:41:45 bsd snort: Ports to decode telnet on: 21 23 25 119
Mar 23 20:41:45 bsd snort: FATAL ERROR: unknown output plugin: '-mode'
Mar 23 20:41:45 bsd /kernel: lnc0: promiscuous mode disabled







--
Huzeyfe ÖNAL
---
First Turkish Qmail book is out! Go check it.
Have you heard! Turkey's first Qmail book is out.
http://www.acikakademi.com/catalog/qmail/
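
The fatal error in this thread was traced to an output line in snort.conf, so a pre-start check of those lines catches it before the sensor silently exits. The following is an added example, not code from the list posts or from the Snort project: the plugin-name list, the function names and the sample configuration are assumptions constructed for illustration.

```python
import re

# Assumed list of Snort 2.x output plugin names; adjust to the installed build.
KNOWN_OUTPUT_PLUGINS = {
    "alert_syslog", "alert_fast", "alert_full", "alert_unixsock",
    "log_tcpdump", "log_null", "database",
    "unified", "alert_unified", "log_unified",
}
OUTPUT_RE = re.compile(r"^output\s+([^\s:]+)")


def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()


def check_output_directives(conf_text):
    """Return [(line_number, token)] for output lines naming no known plugin."""
    bad = []
    for n, line in logical_lines(conf_text):
        m = OUTPUT_RE.match(line)  # commented-out lines start with '#', no match
        if m and m.group(1).lower() not in KNOWN_OUTPUT_PLUGINS:
            bad.append((n, m.group(1)))
    return bad

# Constructed sample, not the poster's snort.conf: on the last line an
# option sits where the plugin name belongs.
SAMPLE_CONF = """\
# output alert_fast: alert.fast
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=snort \\
    dbname=snort host=localhost
output -mode full
"""

if __name__ == "__main__":
    for n, token in check_output_directives(SAMPLE_CONF):
        print(f"snort.conf line {n}: unknown output plugin: '{token}'")
```

Run against the real file before starting the daemon; an empty result means every output directive names a plugin in the assumed list.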