[prev in list] [next in list] [prev in thread] [next in thread]
List: snort-users
Subject: Re: [Snort-users] Signature Problem
From: Kai Chan via Snort-users <snort-users () lists ! snort ! org>
Date: 2017-09-09 17:32:12
Message-ID: CAF0g9x1VJHmfW2cJnHC_c3954jvUw9cq+t5QKZ5kQx-diXTfrg () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Thanks to everyone for their help. I had to disable checksums for Snort to
fire alerts.
Thanks,
Kai
On Sep 8, 2017 8:09 PM, <wkitty42@windstream.net> wrote:
> On 09/08/2017 06:44 PM, Kai Chan via Snort-users wrote:
>
>> As I said before, I get ICMP alerts, but if I try to browse a webpage or
>> do a
>> DNS query, it still won't alert. Tcpdump seems to work fine on the
>> container, so I don't understand why Snort wouldn't. Did I forget to do
>> something?
>>
>
> try adding "-k none" to your command line to turn off packet checksums...
>
> please keep your response(s) on the list...
>
> --
> NOTE: No off-list assistance is given without prior approval.
> *Please keep mailing list traffic on the list unless*
> *a signed and pre-paid contract is in effect with us.*
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
[Attachment #5 (text/html)]
<div dir="auto">Thanks to everyone for their help. I had to disable checksums for \
Snort to fire alerts.<div dir="auto"><br></div><div dir="auto">Thanks,</div><div \
dir="auto">Kai</div></div><div class="gmail_extra"><br><div class="gmail_quote">On \
Sep 8, 2017 8:09 PM, <<a \
href="mailto:wkitty42@windstream.net">wkitty42@windstream.net</a>> wrote:<br \
type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex">On 09/08/2017 06:44 PM, Kai Chan \
via Snort-users wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 \
.8ex;border-left:1px #ccc solid;padding-left:1ex"> As I said before, I get ICMP \
alerts, but if I try to browse a webpage or do a<br> DNS query, it still won't \
alert. Tcpdump seems to work fine on the<br> container, so I don't understand \
why Snort wouldn't. Did I forget to do<br> something?<br>
</blockquote>
<br>
try adding "-k none" to your command line to turn off packet \
checksums...<br> <br>
please keep your response(s) on the list...<br>
<br>
-- <br>
NOTE: No off-list assistance is given without prior approval.<br>
*Please keep mailing list traffic on the list unless*<br>
*a signed and pre-paid contract is in effect with us.*<br>
______________________________<wbr>_________________<br>
Snort-users mailing list<br>
<a href="mailto:Snort-users@lists.snort.org" \
target="_blank">Snort-users@lists.snort.org</a><br> Go to this URL to change user \
options or unsubscribe:<br> <a \
href="https://lists.snort.org/mailman/listinfo/snort-users" rel="noreferrer" \
target="_blank">https://lists.snort.org/mailma<wbr>n/listinfo/snort-users</a><br> \
<br> Please visit <a href="http://blog.snort.org" rel="noreferrer" \
target="_blank">http://blog.snort.org</a> to stay current on all the latest Snort \
news!<br> </blockquote></div></div>
_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic