|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Snort-users] ERROR: ERROR /etc/snort/rules/snort.eth0.conf (97): Bad arguments to byte_test:
From: Andre Cameron (andrec
cydock.com)
Date: Sat Jul 05 2003 - 13:00:02 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello,
>>Yep. Ditch Snortcenter. It's b0rken. But don't take my word for it,
>>make your own conclusion [0].
Hmm which GUI do you recommend?
>>Note: There are some serious inherent dangers with firewalls and
>>autoblocking. Again, make your own conclusion [1]
I dont use auto blocking because to many false positives can block
internal IPs which can have bed results. I just wanted to look into it.
I was more interested with a firewall that had a centralized block list
so that when I update one it updates all versus manually going through
and adjusting all the firewalls.
Thanks for the help:)
aNc
Erek Adams wrote:
>On Sat, 5 Jul 2003, Andre Cameron wrote:
>
>
>
>>I need a little help. I have Snort 2.0 and SnortCenter 1.0 w/ snort
>>agent. I setup using the enterprise install guide on the snortcenter
>>website. Problem is after importing the rules from the net and pushing
>>them to the agent when I reload I get:
>>
>>ERROR: ERROR /etc/snort/rules/snort.eth0.conf (97): Bad arguments to
>>byte_test:
>>
>>
>
>[...snip...]
>
>
>
>>Anyone know how to fix this?
>>
>>
>
>Yep. Ditch Snortcenter. It's b0rken. But don't take my word for it,
>make your own conclusion [0].
>
>
>
>>Also I have a question, does anyone know of a good firewall for *Nix &
>>windows that can use a central database across multiple servers? Maybie
>>even one that plugs in with Snort for auto blocking?
>>
>>
>
>Note: There are some serious inherent dangers with firewalls and
>autoblocking. Again, make your own conclusion [1].
>
>If you really, really have to have an autoblock feature, go check out
>SnortSam [2]. It works smartly and safely to send rule updates to
>firewalls. Supports quite a few of them.
>
>Cheers!
>
>-----
>Erek Adams
>
> "When things get weird, the weird turn pro." H.S. Thompson
>
>[0] http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=snortcenter+byte&q=b
>[1] http://marc.theaimsgroup.com/?l=snort-users&w=2&r=1&s=autoblock&q=b
>[2] http://www.snortsam.net/
>
>
-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]