- 论坛徽章:
- 0
|
对啦!我是不是要把snort.conf文件完整路径给出啊!? snort -dev -l ./log -h 210.43.2.0/24 -c /etc/snort/snort.conf 我键入这样的命令出现以下代码:
Running in IDS mode
--== Initializing Snort ==--
Initializing Output Plugins!
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf
Var 'HOME_NET' redefined
PortVar 'HTTP_PORTS' defined : [ 80 2301 3128 8000 8080 8180 8888]
PortVar 'SHELLCODE_PORTS' defined : [ 0:79 81:65535]
PortVar 'ORACLE_PORTS' defined : [ 1521]
PortVar 'AUTH_PORTS' defined : [ 113]
PortVar 'DNS_PORTS' defined : [ 53]
PortVar 'FINGER_PORTS' defined : [ 79]
PortVar 'FTP_PORTS' defined : [ 21]
PortVar 'IMAP_PORTS' defined : [ 143]
PortVar 'IRC_PORTS' defined : [ 6665:6669 7000]
PortVar 'MSSQL_PORTS' defined : [ 1433]
PortVar 'NNTP_PORTS' defined : [ 119]
PortVar 'POP2_PORTS' defined : [ 109]
PortVar 'POP3_PORTS' defined : [ 110]
PortVar 'SUNRPC_PORTS' defined : [ 111 32770:32779]
PortVar 'RLOGIN_PORTS' defined : [ 513]
PortVar 'RSH_PORTS' defined : [ 514]
PortVar 'SMB_PORTS' defined : [ 139 445]
PortVar 'SMTP_PORTS' defined : [ 25]
PortVar 'SNMP_PORTS' defined : [ 161]
PortVar 'SSH_PORTS' defined : [ 22]
PortVar 'TELNET_PORTS' defined : [ 23]
PortVar 'MAIL_PORTS' defined : [ 25 143 465 691]
PortVar 'SSL_PORTS' defined : [ 25 443 465 636 993 995]
Detection:
Search-Method = AC-BNFA
Frag3 global config:
Max frags: 65536
Fragment memory cap: 4194304 bytes
Frag3 engine config:
Target-based policy: WINDOWS
Fragment timeout: 180 seconds
Fragment min_ttl: 1
Fragment ttl_limit: 5
Fragment Problems: 0
Stream5 global config:
Track TCP sessions: ACTIVE
Max TCP sessions: 8192
Memcap (for reassembly packet storage): 8388608
Track UDP sessions: ACTIVE
Max UDP sessions: 131072
Track ICMP sessions: INACTIVE
Stream5 TCP Policy config:
Reassembly Policy: WINDOWS
Timeout: 30 seconds
Min ttl: 1
Options:
Static Flushpoint Sizes: YES
Reassembly Ports:
21 client (Footprint)
23 client (Footprint)
25 client (Footprint)
42 client (Footprint)
53 client (Footprint)
80 client (Footprint)
110 client (Footprint)
111 client (Footprint)
135 client (Footprint)
136 client (Footprint)
137 client (Footprint)
139 client (Footprint)
143 client (Footprint)
445 client (Footprint)
465 client (Footprint)
513 client (Footprint)
691 client (Footprint)
1433 client (Footprint)
1521 client (Footprint)
2100 client (Footprint)
Stream5 UDP Policy config:
Timeout: 30 seconds
Options:
Ignore Any -> Any Rules: YES
HttpInspect Config:
GLOBAL CONFIG
Max Pipeline Requests: 0
Inspection Type: STATELESS
Detect Proxy Usage: NO
IIS Unicode Map Filename: /etc/snort/unicode.map
IIS Unicode Map Codepage: 1252
DEFAULT SERVER CONFIG:
Server profile: All
Ports: 80 2301 3128 8000 8080 8180 8888
Flow Depth: 1460
Max Chunk Length: 500000
Inspect Pipeline Requests: YES
URI Discovery Strict Mode: NO
Allow Proxy Usage: NO
Disable Alerting: NO
Oversize Dir Length: 500
Only inspect URI: NO
Ascii: YES alert: NO
Double Decoding: YES alert: NO
%U Encoding: YES alert: YES
Bare Byte: YES alert: NO
Base36: OFF
UTF 8: YES alert: NO
IIS Unicode: YES alert: NO
Multiple Slash: YES alert: NO
IIS Backslash: YES alert: NO
Directory Traversal: YES alert: NO
Web Root Traversal: YES alert: NO
Apache WhiteSpace: YES alert: NO
IIS Delimiter: YES alert: NO
IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
Whitespace Characters: 0x09 0x0b 0x0c 0x0d
rpc_decode arguments:
Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777
32778 32779
alert_fragments: INACTIVE
alert_large_fragments: ACTIVE
alert_incomplete: ACTIVE
alert_multiple_requests: ACTIVE
ERROR: Unable to open rules file: /etc/snort/rules/local.rules or /etc/snort//et
c/snort/rules/local.rules
Fatal Error, Quitting..
是说是规则库的问题吗????真晕啊!!! |
|
免费注册
发表于 2009-02-18 19:52
发表于 2009-02-22 19:41
