Yes, it works. If you look at http://freebsd.rogness.net/snort_inline/ you can find detailed information on the subject.
In addition, you can also look into SnortSam. It provides firewall plugins for many of the firewalls on the market (OpenBSD PF, Linux Iptables, Checkpoint NG.., Cisco PIX ..).
Good luck with your work...
On 3/24/06, Deniz <[EMAIL PROTECTED]> wrote:
Thank you, I found the error; as you said, it was in the output line. By the way, I would like to ask something: does Snort work together with ipfw, that is, something like adding ipfw rules according to the incoming alerts?
-----Original message-----
From: "Huzeyfe Onal" [EMAIL PROTECTED]
Date: Fri, 24 Mar 2006 16:06:33 +0200
To: [email protected]
Subject: Re: [FreeBSD] About Snort
> Hello,
Could you send the output lines from your snort.conf file? The problem appears to be in those lines.
On 3/23/06, Deniz Tosun <[EMAIL PROTECTED]> wrote:
>
> Hello friends, on FreeBSD 4.11 I installed Snort and the ACID components, Apache, PHP, MySQL, etc. Everything works except for one thing, and that is Snort.
>
> After I start it, it says "starting" and then the program exits.
> When I looked in messages, it was giving the error below. What could the problem be?
>
> Mar 23 20:41:44 bsd snort: PID path stat checked out ok, PID path set to /var/run/
> Mar 23 20:41:44 bsd snort: Writing PID "33588" to file "/var/run//snort_lnc0.pid"
> Mar 23 20:41:44 bsd snort: ,-----------[Flow Config]----------------------
> Mar 23 20:41:44 bsd snort: | Stats Interval: 0
> Mar 23 20:41:44 bsd snort: | Hash Method: 2
> Mar 23 20:41:45 bsd snort: | Memcap: 10485760
> Mar 23 20:41:45 bsd snort: | Rows : 4099
> Mar 23 20:41:45 bsd snort: | Overhead Bytes: 16400(%0.16)
> Mar 23 20:41:45 bsd snort: `----------------------------------------------
> Mar 23 20:41:45 bsd snort: HttpInspect Config:
> Mar 23 20:41:45 bsd snort: GLOBAL CONFIG
> Mar 23 20:41:45 bsd snort: Max Pipeline Requests: 0
> Mar 23 20:41:45 bsd snort: Inspection Type: STATELESS
> Mar 23 20:41:45 bsd snort: Detect Proxy Usage: NO
> Mar 23 20:41:45 bsd snort: IIS Unicode Map Filename: /usr/local/etc/unicode.map
> Mar 23 20:41:45 bsd snort: IIS Unicode Map Codepage: 1252
> Mar 23 20:41:45 bsd snort: DEFAULT SERVER CONFIG:
> Mar 23 20:41:45 bsd snort: Ports:
> Mar 23 20:41:45 bsd snort: 80
> Mar 23 20:41:45 bsd snort: 8080
> Mar 23 20:41:45 bsd snort: 8180
> Mar 23 20:41:45 bsd snort:
> Mar 23 20:41:45 bsd snort: Flow Depth: 300
> Mar 23 20:41:45 bsd snort: Max Chunk Length: 500000
> Mar 23 20:41:45 bsd snort: Inspect Pipeline Requests: YES
> Mar 23 20:41:45 bsd snort: URI Discovery Strict Mode: NO
> Mar 23 20:41:45 bsd snort: Allow Proxy Usage: NO
> Mar 23 20:41:45 bsd snort: Disable Alerting: NO
> Mar 23 20:41:45 bsd snort: Oversize Dir Length: 500
> Mar 23 20:41:45 bsd snort: Only inspect URI: NO
> Mar 23 20:41:45 bsd snort: Ascii: YES alert: NO
> Mar 23 20:41:45 bsd snort: Double Decoding: YES alert: YES
> Mar 23 20:41:45 bsd snort: %U Encoding: YES alert: YES
> Mar 23 20:41:45 bsd snort: Bare Byte: YES alert: YES
> Mar 23 20:41:45 bsd snort: Base36: OFF
> Mar 23 20:41:45 bsd snort: UTF 8: OFF
> Mar 23 20:41:45 bsd snort: IIS Unicode: YES alert: YES
> Mar 23 20:41:45 bsd snort: Multiple Slash: YES alert: NO
> Mar 23 20:41:45 bsd snort: IIS Backslash: YES alert: NO
> Mar 23 20:41:45 bsd snort: Directory Traversal: YES alert: NO
> Mar 23 20:41:45 bsd snort: Web Root Traversal: YES alert: YES
> Mar 23 20:41:45 bsd snort: Apache WhiteSpace: YES alert: YES
> Mar 23 20:41:45 bsd snort: IIS Delimiter: YES alert: YES
> Mar 23 20:41:45 bsd snort: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
> Mar 23 20:41:45 bsd snort: Non-RFC Compliant Characters:
> Mar 23 20:41:45 bsd snort: NONE
> Mar 23 20:41:45 bsd snort:
> Mar 23 20:41:45 bsd snort: rpc_decode arguments:
> Mar 23 20:41:45 bsd snort: Ports to decode RPC on: 111 32771
> Mar 23 20:41:45 bsd snort: alert_fragments: INACTIVE
> Mar 23 20:41:45 bsd snort: alert_large_fragments: ACTIVE
> Mar 23 20:41:45 bsd snort: alert_incomplete: ACTIVE
> Mar 23 20:41:45 bsd snort: alert_multiple_requests: ACTIVE
> Mar 23 20:41:45 bsd snort: telnet_decode arguments:
> Mar 23 20:41:45 bsd snort: Ports to decode telnet on: 21 23 25 119
> Mar 23 20:41:45 bsd snort: FATAL ERROR: unknown output plugin: '-mode'
> Mar 23 20:41:45 bsd /kernel: lnc0: promiscuous mode disabled
--
Huzeyfe ÖNAL
---
First Turkish Qmail book is out! Go check it.
Have you heard! Turkey's first Qmail book is out.
http://www.acikakademi.com/catalog/qmail/
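The startup failure in this thread was traced to an output line in snort.conf. The following is an added example, not part of the original messages: a small Python check that reads the output directives of a snort.conf and reports any plugin name Snort would reject, so the mistake is caught before the daemon is started. The plugin list and the sample configuration are assumptions of this example; the sample is constructed and is not the poster's file.

```python
import re

# Output plugin names found in Snort 2.x (partial list, an assumption of this
# example; extend it to match the plugins compiled into your build).
KNOWN_OUTPUT_PLUGINS = {
    "alert_syslog", "alert_fast", "alert_full", "alert_unixsock",
    "log_tcpdump", "database", "unified", "alert_unified",
    "log_unified", "log_null",
}

def join_continuations(text):
    """Yield (first_line_number, logical_line), merging backslash continuations."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:
        yield start, buf

def check_output_lines(text):
    """Return [(line_number, plugin_name)] for output directives Snort would reject."""
    bad = []
    for no, line in join_continuations(text):
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"output\s+([^:\s]+)", line)
        if m and m.group(1) not in KNOWN_OUTPUT_PLUGINS:
            bad.append((no, m.group(1)))
    return bad

# Constructed snort.conf fragment (not the poster's file); line 4 is malformed.
SAMPLE_CONF = """\
var HOME_NET any
output alert_syslog: LOG_AUTH LOG_ALERT
# output log_tcpdump: tcpdump.log
output -mode: fast
output database: log, mysql, user=snort \\
    dbname=snort host=localhost
"""

if __name__ == "__main__":
    for no, name in check_output_lines(SAMPLE_CONF):
        print(f"snort.conf:{no}: unknown output plugin: '{name}'")
```
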

