LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 02-03-2005, 10:01 AM   #1
ryedunn
Member
 
Registered: Jul 2003
Location: Chicago
Distribution: Fedora, ubuntu
Posts: 458

Rep: Reputation: 30
snort not posting priority


I have snort running and I would like to have swatch preform specific actions after receiving a warning from snort. On my old system, snort always gave me a [Priority: 1, 2, 3 etc] error which is what I would like snort to watch for. On this new install, my logs look like this:
Code:
Feb  3 07:11:27 linux snort: [119:2:1] (http_inspect) DOUBLE DECODING ATTACK {TCP} offending ip:3787 -> myip:80
Feb  3 08:30:52 linux snort: [119:16:1] (http_inspect) OVERSIZE CHUNK ENCODING {TCP} offending ip:2090 -> myip:80
Whats with the [119:*:1]? Ive searched google and I didnt get much, anyone else seen this, better yet.. does anyone know how to change this to the [Priority] setting?

R

Last edited by ryedunn; 02-03-2005 at 10:30 AM.
 
Old 02-04-2005, 12:38 PM   #2
ryedunn
Member
 
Registered: Jul 2003
Location: Chicago
Distribution: Fedora, ubuntu
Posts: 458

Original Poster
Rep: Reputation: 30
I think the priorty is only placed at the end and does not replace the IDs like [119:2:1]. Its also a guess that these smaller types of web attacks dont have a priority on them, the reason why I saw the priorities on others was because I was using standard ports for applications and my firewall was kaka..
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Error when starting up snort: bash:!/bin/sh/usr/local/bin/snort :Eent not found cynthia_thomas Linux - Software 1 11-11-2005 02:59 PM
snort failed: snort: symbol lookup error: undefined symbol: usmAES192PrivProtocol Emmanuel_uk Linux - Security 1 07-10-2005 10:29 AM
priority alaios Linux - General 3 10-12-2004 06:55 AM
Snort rules> priority linuxtommy Linux - Security 1 09-12-2004 09:35 PM
snort snort.conf help crealkiller175 Linux - Software 1 03-08-2003 05:58 PM


All times are GMT -5. The time now is 03:55 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration