
Re: configuration problems



>Could you attach the full firestorm log output please? This sounds more
>like a plugin failed to load or something. Is this the default snort
>rules shipped with firestorm?

Yes, it is the default snort rules.


1065081435.335743 info: Firestorm v0.5.4
1065081435.335784 info: Copyright (c) 2002,2003 Gianni Tedesco
1065081435.335792 info: This program is released under the terms of the GNU GPL version 2 (see: COPYING)
1065081435.337091 info: plugin: capture.fagrouter[0.1]: TCP stream test rig
1065081435.337246 info: plugin: capture.linux[1.0]: Linux mmap() packet socket
1065081435.338608 info: plugin: capture.pcap[1.0]: Live libpcap capture
1065081435.339990 info: plugin: capture.pcapfile[1.0]: Offline libpcap capture
1065081435.340275 info: plugin: capture.tcpdump[2.0]: Reads packets in from tcpdump files
1065081435.340476 info: plugin: decode.arp[2.0]: ARP/RARP
1065081435.340613 info: plugin: decode.ether[2.1]: Ethernet II, 802.3, LLC and SNAP
1065081435.340706 info: plugin: decode.gre[2.0]: Generic Routing Encapsulation
1065081435.340861 info: plugin: decode.http[0.1]: Hyper-text Transfer Protocol
1065081435.340957 info: plugin: decode.igmp[2.0]: Internet Group Messaging Protocol
1065081435.341098 info: plugin: decode.ipx[1.1]: Internetwork Packet eXchange
1065081435.341194 info: plugin: decode.irda[0.1]: IRDA (Infra-Red)
1065081435.341298 info: plugin: decode.sap[0.2]: Service Advertising Protocol
1065081435.341415 info: plugin: decode.sll[1.0]: Linux SLL
1065081435.341527 info: plugin: decode.smtp[0.1]: Simple Mail Transfer Protocol
1065081435.341873 info: plugin: decode.tcpip[2.0]: The Internet Protocol
1065081435.341983 info: plugin: decode.vlan[1.0]: 802.1q aka vlan
1065081435.342147 info: plugin: match.dns[0.1]: DNS matching routines
1065081435.342261 info: plugin: match.http[0.1]: HTTP matching routines
1065081435.342403 info: plugin: match.icmp[2.0]: ICMP matching routines
1065081435.342621 info: plugin: match.ip[2.0]: IP matching routines
1065081435.342763 info: plugin: match.ipx[1.1]: IPX matching routines
1065081435.342898 info: plugin: match.rpc[2.0]: RPC matching routines
1065081435.343013 info: plugin: match.std[2.0]: Generic matching routines
1065081435.343175 info: plugin: match.str[2.0]: String matching routines
1065081435.343331 info: plugin: match.tcp[2.0]: TCP matching routines
1065081435.343460 info: plugin: match.udp[2.0]: UDP matching routines
1065081435.343678 info: plugin: parser.snort[2.0]: Snort ruleset files
1065081435.343804 info: plugin: preproc.spoon[0.1]: S.P.O.O.N. Anomaly Detection
1065081435.344323 info: pcap: if=any mtu=16384
1065081435.344389 info: alert: log/: max log size: 1024KB
1065081435.344395 info: alert: log/: max log age: 1 hrs 0 mins
1065081435.344400 info: alert: log/: buffered output: 16KB buffer
1065081435.344416 info: ipfrag: mem_hi=1048576 mem_lo=786432 minttl=0 timeout=30s
1065081435.359966 info: tcpstream: 32768 streams in 513 buckets (4736 KB)
1065081435.360007 info: tcpstream: TCP stream reassembly is ENABLED: 16384 flows
1065081435.375881 error: snort: ./snort-rules/finger.rules:8 : Rule failed to commit: FINGER cmd_rootsh backdoor attempt
1065081435.375912 error: exit: ./snort-rules/finger.rules: error loading snort signatures
1065081435.375918 info: alert: log/: flushing to disk.
1065081435.376635 info: pcap: received 4 packets, dropped 0
1065081435.376735 info: loader: unloading all plugins
1065081435.376809 info: ipfrag: 0 reassembled packets, 0 reasm errors, 0 timeouts
1065081435.376871 info: ipfrag: 0 times out of memory, 0KB still used
1065081435.376990 info: tcpstream: max_concurrent=0 num_active=0
1065081435.377059 info: tcpstream: max_flows=0 num_flows=0
1065081435.377115 info: tcpstream: 0 state errors out of 0 packets
1065081435.377171 info: tcpstream: 0 broadcasts, 0 ttl evasions, 0 timeouts, 0 reassembled
1065081435.377865 debug: cleanup: exit with code 1
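The log above answers the question in the quoted reply: every plugin (including parser.snort) loads, packet capture comes up, and the run aborts only when the Snort parser reaches line 8 of ./snort-rules/finger.rules, after which Firestorm exits with code 1. The following triage helper is an added example written for this thread, not code from Firestorm or from the poster. It assumes only the line shape visible in the posted log ("<epoch.usec> <level>: <subsystem>: <message>") and that a mail client may have wrapped some entries onto a second line; it folds such continuation lines back into the preceding entry, lists the loaded plugins, and pulls the failing rules file, line number and rule message out of the "Rule failed to commit" error so you know exactly which rule to inspect or comment out. The sample log embedded in the block is a constructed excerpt of the log posted above.

```python
"""Triage helper for a Firestorm startup log pasted into an e-mail.

Added example for this thread, not part of Firestorm. Assumes entries look like
"<epoch.usec> <level>: <subsystem>: <message>" and that some entries may have
been wrapped onto a following line by a mail client.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One log entry: timestamp, level (info/error/debug), rest of the line.
ENTRY_RE = re.compile(r"^(\d+\.\d+) (\w+): (.*)$")
# Plugin load lines look like "plugin: parser.snort[2.0]: Snort ruleset files".
PLUGIN_RE = re.compile(r"plugin: ([\w.]+)\[([^\]]+)\]: (.*)")
# Rule errors carry "<file>.rules:<line>" before the error text.
RULE_LOC_RE = re.compile(r"(\S+\.rules):(\d+)")
EXIT_RE = re.compile(r"exit with code (\d+)")

# Constructed excerpt of the log posted in this thread, with the mail-client
# line wrapping left in place so the parser has to deal with it.
SAMPLE_LOG = """\
1065081435.335743 info: Firestorm v0.5.4
1065081435.337091 info: plugin: capture.fagrouter[0.1]: TCP stream test rig
1065081435.337246 info: plugin: capture.linux[1.0]: Linux mmap() packet
socket
1065081435.343678 info: plugin: parser.snort[2.0]: Snort ruleset files
1065081435.344323 info: pcap: if=any mtu=16384
1065081435.360007 info: tcpstream: TCP stream reassembly is ENABLED: 16384
flows
1065081435.375881 error: snort: ./snort-rules/finger.rules:8 : Rule failed
to commit: FINGER cmd_rootsh backdoor attempt
1065081435.375912 error: exit: ./snort-rules/finger.rules: error loading
snort signatures
1065081435.377865 debug: cleanup: exit with code 1
"""


@dataclass
class Entry:
    ts: float
    level: str
    text: str


def parse_log(raw: str) -> list[Entry]:
    """Parse log text, folding wrapped continuation lines into the previous entry."""
    entries: list[Entry] = []
    for line in raw.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(float(m.group(1)), m.group(2), m.group(3)))
        elif line.strip() and entries:
            # No timestamp prefix: this is the tail of the previous entry.
            entries[-1].text += " " + line.strip()
    return entries


def loaded_plugins(entries: list[Entry]) -> dict[str, str]:
    """Map plugin name -> version for every 'plugin:' load line."""
    plugins: dict[str, str] = {}
    for e in entries:
        m = PLUGIN_RE.match(e.text)
        if m:
            plugins[m.group(1)] = m.group(2)
    return plugins


def failing_rule(entries: list[Entry]) -> tuple[str, int, str] | None:
    """Return (rules file, line number, rule message) for the first rule that failed to commit."""
    for e in entries:
        if e.level == "error" and "Rule failed to commit" in e.text:
            loc = RULE_LOC_RE.search(e.text)
            msg = e.text.split("Rule failed to commit:", 1)[1].strip()
            if loc:
                return loc.group(1), int(loc.group(2)), msg
    return None


def exit_code(entries: list[Entry]) -> int | None:
    """Return the process exit code reported by the cleanup line, if present."""
    for e in entries:
        m = EXIT_RE.search(e.text)
        if m:
            return int(m.group(1))
    return None


def summarize(raw: str) -> str:
    """Human-readable triage summary of one Firestorm startup log."""
    entries = parse_log(raw)
    plugins = loaded_plugins(entries)
    lines = [f"{len(entries)} entries, {len(plugins)} plugins loaded"]
    rule = failing_rule(entries)
    if rule:
        path, lineno, msg = rule
        lines.append(f"rule load aborted at {path} line {lineno}: {msg!r}")
    code = exit_code(entries)
    if code is not None:
        lines.append(f"firestorm exited with code {code}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Run it against the full log (or any Firestorm log pasted into a mail) and it points straight at the rule to look at; for the log above that is line 8 of ./snort-rules/finger.rules, and the exit code 1 confirms that Firestorm treats a rule that fails to commit as fatal rather than skipping it.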