Thread: [Secureideas-base-user] help with base and ip destination 0.0.0.0
From: hernani c. <her...@ms...> - 2016-01-26 14:20:26
Hello,

I have snort, base, mysql, barnyard2, and pulledpork; everything works, but I receive a lot of alerts from IP 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0. Snort doesn't show any of these alerts. How can I stop these alerts??

I see entries when I see a web page.
Can someone help me??

Thanks,
hernani
From: hernani c. <her...@ms...> - 2016-01-26 15:14:27
Hello,

I have snort, base, mysql, barnyard2, and pulledpork; everything works, but I receive a lot of alerts from IP 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0. Snort doesn't show any of these alerts. How can I stop these alerts??

I see entries when I see a web page.
Can someone help me??

Thanks,
hernani
From: hernani c. <coe...@sa...> - 2016-01-26 16:19:31
Hello,

I have snort, base, mysql, barnyard2, and pulledpork; everything works, but I receive a lot of alerts from IP 64.4.8.0 or 64.4.8.1 to destination 0.0.0.0. Snort doesn't show any of these alerts. How can I stop these alerts??

#0-(3-146) <http://192.168.1.66/base-1.4.5/base_qry_alert.php?submit=%230-%283-146%29&sort_order=> [snort <http://www.snort.org/search/sid/129-15>] stream5: Reset outside window 2016-01-26 15:47:51 64.4.8.0 <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=64.4.8.0&netmask=32> 0.0.0.0 <http://192.168.1.66/base-1.4.5/base_stat_ipaddr.php?ip=0.0.0.0&netmask32> IP

I see entries when I see a web page.
Can someone help me??

Thanks,
hernani
From: hernani c. <coe...@sa...> - 2016-01-27 17:03:20
Anybody can help me??
From: hernani c. <coe...@sa...> - 2016-01-28 11:01:18
> anybody can help me??
From: hernani c. <coe...@sa...> - 2016-01-28 13:45:58
Hello,

That rule is commented out ---> # include $PREPROC_RULE_PATH/preprocessor.rules

I use pulledpork to manage rules; I don't know if pulledpork has that rule enabled. How can I see??

Thanks,
hernani

On 28-01-2016 11:44, Joel Esler wrote:
> hernani,
>
> Have you tried shutting off that particular preprocessor rule in
> preprocessor.rules?
From: hernani c. <coe...@sa...> - 2016-01-28 15:13:22
I have problems sending email to the list; I receive an error when posting messages. Let's see if it goes now.
From: hernani c. <coe...@sa...> - 2016-01-28 15:28:56
Hello,

That rule is commented out ---> # include $PREPROC_RULE_PATH/preprocessor.rules

I use pulledpork to manage rules; I don't know if that rule is enabled by pulledpork. How can I see if that rule is enabled??
From: hernani c. <coe...@sa...> - 2016-01-28 16:09:08
Hello,

That rule is commented out ---> # include $PREPROC_RULE_PATH/preprocessor.rules

I use pulledpork and barnyard2 to manage rules; I don't know if pulledpork has that rule enabled. How can I see??
From: hernani c. <her...@ms...> - 2016-01-28 16:25:45
Hello,

Sorry, I have problems sending messages with the other address.

That rule is commented out ---> # include $PREPROC_RULE_PATH/preprocessor.rules

I use pulledpork and barnyard2 to manage rules; I don't know if pulledpork has that rule enabled. How can I see??
From: hernani c. <coe...@sa...> - 2016-01-30 15:09:45
Nobody can help me?
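The question the thread leaves open, how to see whether the rule for generator 129 / SID 15 ("stream5: Reset outside window") is enabled, can be checked against the rule files directly. The script below is an added example, not part of any post in this thread and not code from Snort or PulledPork; `rule_state` is a hypothetical helper, the sample rule lines are constructed, and which files to pass to it (for instance preprocessor.rules or the rules file PulledPork writes) is an assumption about the local setup.

```shell
#!/bin/sh
# rule_state GID SID FILE...  (hypothetical helper, not part of Snort or PulledPork)
# Prints: enabled  = an uncommented rule with that gid/sid exists
#         disabled = the rule exists only in commented-out form
#         absent   = no rule with that gid/sid in the given files
rule_state() {
    gid=$1; sid=$2; shift 2
    awk -v gid="$gid" -v sid="$sid" '
        # True when the rule carries the option "key: val;" exactly.
        function has(line, key, val) {
            return line ~ ("(^|[(; \t])" key "[ \t]*:[ \t]*" val "[ \t]*;")
        }
        {
            line = $0
            commented = (line ~ /^[ \t]*#/)
            sub(/^[ \t#]+/, "", line)
            # Only look at rule lines, not ordinary comments or includes.
            if (line !~ /^(alert|drop|log|pass|reject|sdrop)[ \t]/) next
            # A rule without a gid option belongs to generator 1.
            g_ok = has(line, "gid", gid) || (gid == 1 && line !~ /gid[ \t]*:/)
            if (g_ok && has(line, "sid", sid)) {
                if (commented) off = 1; else on = 1
            }
        }
        END { print (on ? "enabled" : (off ? "disabled" : "absent")) }
    ' "$@"
}

# Constructed sample rules (not copied from a real rule set).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
alert ( msg: "stream5: Reset outside window"; sid: 15; gid: 129; rev: 1; )
# alert ( msg: "constructed disabled rule"; sid: 16; gid: 129; rev: 1; )
alert tcp any any -> any 80 ( msg: "constructed text rule"; sid: 1000001; rev: 1; )
EOF

for id in 129:15 129:16 129:17 1:1000001; do
    printf '%s %s\n' "$id" "$(rule_state "${id%%:*}" "${id##*:}" "$sample")"
done
```

The result only describes the files passed in; a file whose `include` line is commented out in snort.conf, as with preprocessor.rules in this thread, is not loaded regardless of what it contains.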