ПОМОГИТЕ со SNORT-ом

запуск на all iterfaces, snort.conf:

var HOME_NET [192.168.10.0/24] var EXTERNAL_NET any var DNS_SERVERS [192.168.10.1,192.168.10.2] var SMTP_SERVERS [192.168.10.1,192.168.11.1] var HTTP_SERVERS [192.168.10.1,192.168.11.1] var HTTP_PORTS 80 var SHELLCODE_PORTS !80 var ORACLE_PORTS 1521 var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.16 1.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24] var RULE_PATH /etc/snort/rules

preprocessor flow: stats_interval 0 hash 2 preprocessor frag2 preprocessor stream4: disable_evasion_alerts preprocessor stream4_reassemble preprocessor http_inspect: global \ preprocessor http_inspect_server: server default \ preprocessor rpc_decode: 111 32771 preprocessor bo preprocessor telnet_decode preprocessor arpspoof

output alert_syslog: LOG_AUTH LOG_ALERT include classification.config include reference.config include $RULE_PATH/local.rules ... include $RULE_PATH/experimental.rules

chulik ★
(15.10.04 11:07:57 MSD) автор топика

Ссылка

Похожие темы