latest stable is 2.8.0.1. look it up. www.snort.org you should compile snort anyway imnsho. why rely on a package that someone put together. just compile snort and go with it.
On Dec 15, 2007 5:52 AM, Matteo Ignaccolo <[EMAIL PROTECTED]> wrote: > Jonathan Askew JBASKEW wrote: > > > I am new to IDS and have just set up snort on a ubuntu host. > > Which snort version? > On debian and debian based distros, as ubuntu, yuo will find only old > versions of snort. > For example, this summer on official ubuntu mirror was available > Snort 2.3.3, when the latest STABLE release was the 2.7 > IMHO the best way to use snort on ubuntu is compile latest stable > release. > > > It has worked > > well except for the fact that I am getting some false positivies > > from local > > traffic on the network. > > Have you set the proper rules set for your network? > > > I want to set a rule in order to suppress/ignore local network > > traffic for 192.168.1.0/24. > > I know this can be done in the /etc/threshold.conf file but have > > not been > > able to do so successfully. > > The correct solution is the tip in Boogie B. answer. > If I remember well, during installation you set your internal network > IP address and subnet, but the external net is sets to "any" as default > Remember that is not a good choice suppress all traffic from internal > host, because you'll be not able to detect anomaly activity that > starts from internal host. > > -- > Matteo Ignaccolo > > > > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw > to learn more. > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
