Martin, Greg | 8 Sep 19:46 2014

502.2 Bad Gateway Error Message

I’m getting a 502.2 bad gateway error when trying to test out PHP in a web browser.  I double-checked my PHP.INI file to make sure that I didn’t miss anything and it looks good.  I also went into IIS and looked at the setup there under Message Handler and that also looks good.  I restarted the IIS service as well.  Could someone help me out on this?

 

Greg Martin

Technology Advancement Officer

Integrity Bank

717-920-3697 (office)

717-395-5983 (cell)

gmartin <at> integritybankonline.com


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users <at> lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
amir levinzon | 8 Sep 12:44 2014
most useful snort rules

Hey all,
I'm trying to program a small sniffer that will use the structure of Snort rules.
I want it to be very small, so I need really compact code (I will probably use C).
So I wanted to know two things.
A. Is there a place that specifies which of the Snort rules are the most useful, meaning what are the most popular "packets" that will be detected for the average web user? For the beginning, something like 20 rules will be enough.
B. I need to parse the rules into a data structure. I searched in forums but I haven't found what the actual structure is that Snort uses and how the packet is parsed so it "fits" the structure of the rule. Can someone recommend a data structure? A parser?
Best regards, Amir
------------------------------------------------------------------------------
sashank | 8 Sep 08:17 2014
Is this claim still true for portscan detection in Snort?

Hi,

This paper [1] talks about a "fast port scan detection engine", and the technique is popularly known as Threshold Random Walking (TRW).
They claim that Snort's approach has "the drawback that once the window size is known it is easy for attackers to evade detection by simply increasing their scanning interval."

Now this paper is 10 years old and talks about Snort 2.0.2. There have been many recent advances in port scan detection like TRW and BLR implemented in [2].

I see that the portscan detection technology has matured a lot.

What is the latest on Snort's port scan detection technology? I see that at least the documentation of port scanning has not been touched since 2004. I am not sure about the code.

Regards,
Sashank


  1. Jung, Jaeyeon, et al. "Fast portscan detection using sequential hypothesis testing." Security and Privacy, 2004. Proceedings. 2004 IEEE Symposium on. IEEE, 2004.
  2. https://tools.netsa.cert.org/silk/rwscan.htm
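
The claim quoted in the message above, as an added example that is not part of the original post and is neither Snort's nor the paper's code: a simplified fixed-window counter next to a TRW-style sequential hypothesis test, both run over constructed connection events. The parameter values, the function names and the window model are assumptions made for this illustration.

```python
# Illustrative TRW parameters (assumed values for this example).
THETA0, THETA1 = 0.8, 0.2   # P(first contact succeeds | benign), P(... | scanner)
P_DETECT, P_FALSE = 0.99, 0.01
ETA1 = P_DETECT / P_FALSE              # upper threshold: declare "scanner"
ETA0 = (1 - P_DETECT) / (1 - P_FALSE)  # lower threshold: declare "benign"


def window_detector(events, window=3.0, max_targets=4):
    """Simplified fixed-window model: flag a source that contacts more than
    max_targets distinct destinations within `window` seconds."""
    flagged, recent = set(), {}  # recent: src -> [(time, dst), ...]
    for t, src, dst, ok in sorted(events):
        hits = [(ts, d) for ts, d in recent.get(src, []) if t - ts <= window]
        hits.append((t, dst))
        recent[src] = hits
        if len({d for _, d in hits}) > max_targets:
            flagged.add(src)
    return flagged


def trw_detector(events):
    """Sequential hypothesis test on first-contact outcomes. Timing between
    events plays no role, so spacing connections out does not reset it."""
    ratio, seen, verdict = {}, {}, {}
    for t, src, dst, ok in sorted(events):
        if src in verdict or dst in seen.setdefault(src, set()):
            continue  # already decided, or not a first contact to this dst
        seen[src].add(dst)
        # Likelihood-ratio update: success favours benign, failure favours scanner.
        step = THETA1 / THETA0 if ok else (1 - THETA1) / (1 - THETA0)
        ratio[src] = ratio.get(src, 1.0) * step
        if ratio[src] >= ETA1:
            verdict[src] = "scanner"
        elif ratio[src] <= ETA0:
            verdict[src] = "benign"
    return verdict


def sample_events():
    """Constructed events: (time_s, src, dst, connection_succeeded)."""
    ev = []
    for i in range(8):
        ev.append((i * 0.1, "10.0.0.5", f"192.0.2.{i + 1}", False))   # fast scan
        ev.append((i * 60.0, "10.0.0.6", f"192.0.2.{i + 1}", False))  # slow scan
    for i in range(6):
        ev.append((i * 5.0, "10.0.0.7", f"198.51.100.{i + 1}", True))  # normal client
    return ev


if __name__ == "__main__":
    print("fixed window:", window_detector(sample_events()))
    print("TRW:", trw_detector(sample_events()))
```

On this data the fixed-window counter flags only the fast source, while the sequential test labels both the fast and the slow source after four failed first contacts each.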

------------------------------------------------------------------------------
Matt M. | 5 Sep 23:15 2014
Snorby Setup Issue

Hey Guys!

Getting the error below and can't see what I'm doing wrong... =/

Silk:snorby m$ sudo gem install dm-postgres-adapter
Successfully installed dm-postgres-adapter-1.2.0
1 gem installed
Silk:snorby m$ sudo bundle exec rake snorby:setup
No time_zone specified in snorby_config.yml; detected time_zone: America/Chicago
rake aborted!
cannot load such file -- dm-postgres-adapter
Tasks: TOP => snorby:setup => environment
(See full trace by running task with --trace)


Maybe this is an issue with my database config file?
--
M, CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler
------------------------------------------------------------------------------
Re: Error: failed to initialize dynamic preprocessor: SF_DCERPC version 1.1.5

Hi Guys,

Could you help with this issue:

Error: failed to initialize dynamic preprocessor: SF_DCERPC version 1.1.5 (-1) Fatal Error, Quitting…

I'm using Snort Version 2.9.6.2-WIN32 GRE (Build 77). I'm attaching the information about sf_dcerpc.dll.

Thanks, I hope you can help.

Fernando
------------------------------------------------------------------------------
THE WAR | 5 Sep 17:27 2014
Log: Alter folder with local IP address for attacker address (snort for win).

Hi all,

Snort creates a folder in /log with my IP address after one incident. Can't I alter this default to create this folder with the attacker IP instead?

Sorry for my bad English.

Thanks for all.
------------------------------------------------------------------------------
Sec Aficionado | 5 Sep 01:26 2014
Cannot build afpacket module for DAQ 2.0.2

Hello,

I have been trying to build the afpacket module using DAQ 2.0.2 on a Linux machine with kernel 2.6.32, but the ./configure script refuses to enable it. Even using the option --enable-afpacket-module=yes yields the same result:

Build AFPacket DAQ module.. : no
Build Dump DAQ module...... : yes
Build IPFW DAQ module...... : yes
Build IPQ DAQ module....... : yes
Build NFQ DAQ module....... : yes
Build PCAP DAQ module...... : yes

Everything else builds without problem, and snort is actually running on the system as IDS, but I was trying to configure it to run as IPS, in order to compare performance between the configurations suggested in the documents "Changing from IDS to IPS with NFQueue" by James Lay and "Snort IPS using DAQ AFPacket" by Yaser Mansour.

Here's some information about the system

gcc v 3.3.5
Libpcap v 1.5.3
PCRE v 7.8 2008-09-05
ZLIB v 1.2.3
libmnl v 1.0.1
libnfnetlink v 1.0.1
libnetfilter_queue v 1.0.1

I tried building/re-building libdnet 1.11 and 1.12 in the system. They both build and install but neither changes the behavior of DAQ's configure.

Now my question is: is this an expected outcome with these older versions of kernel and gcc? If not, please suggest where to look next? As I mentioned, all the packages build, install and run, but the afpacket module is the only one that refuses to build.

Thanks in advance for your help/guidance.
------------------------------------------------------------------------------
Matt M. | 4 Sep 21:38 2014
Re: Analyzing Snort Alerts and EMailing

Sharif,

I may take you up on that offer if I'm unsuccessful.  At the moment I've got Barnyard2, Snort, and PulledPork setup.  I just ran into an error when trying to get postgreSQL up, after running gem install pg... which I haven't had time to research just yet.  

Thank you for the offer and I'll definitely reach out to you if I can't get this going.


On Thu, Sep 4, 2014 at 4:25 AM, Sharif Uddin <Sharif.Uddin <at> spectrumasa.com> wrote:

I just recently installed snort, barnyard2, snorby on centos 7, however I'm using it as an IDS

 

If you want instructions on how to install and set up I can email it.

 

 

 

From: Jeremy Hoel [mailto:jthoel <at> gmail.com]
Sent: 03 September 2014 19:17
To: Matt M.


Cc: snort-users
Subject: Re: [Snort-users] Analyzing Snort Alerts and EMailing

 

Sagan is not needed

barnyard should be first.. get events into a DB (mysql)

Then get snorby next (and all the parts that go with it - http, ruby, rails, wkhtmltopdf, etc)

 

 

On Wed, Sep 3, 2014 at 12:11 PM, Matt M. <mr10001 <at> gmail.com> wrote:

I apologize for my ignorance here...  trying to get everything straight in my head.

 

I would like to try to setup Snorby to begin with, which requires a few prereqs (snort, git, ruby, sagan, etc.)  Not too worried about those.

 

However, I will also need to install a database and/or a web server, correct?  Does Barnyard play into this at all?

 

So to sum it all up, I would have to install the following to have Snorby up and running (minus the custom configurations):

 

1. Snort

2. Sagan

3. GIT

4. Ruby

5. Rails

6. ImageMagick

7. Wkhtmltopdf

8. Web Server (Apache?)

9. Database (PostgreSQL?)

 

Thanks again! 

 

 

On Wed, Sep 3, 2014 at 12:57 PM, Weir, Jason <jason.weir <at> nhrs.org> wrote:

From the article

 

“It hasn't been actively developed since about 2003”

 

It’s a little dated – but will do what you asked for..

 

-J

 

From: Matt M. [mailto:mr10001 <at> gmail.com]
Sent: Wednesday, September 03, 2014 1:47 PM
To: Weir, Jason
Cc: snort-users
Subject: Re: [Snort-users] Analyzing Snort Alerts and EMailing

 

Nice, thanks man, I just found this article...

 

 

This was from 2011, hopefully it's not out of date... =/ 

 

On Wed, Sep 3, 2014 at 12:45 PM, Weir, Jason <jason.weir <at> nhrs.org> wrote:

Base (http://base.professionallyevil.com/) – Sure - it’s old, outdated and hasn’t been updated in quite a while but still works.

 

From: Matt M. [mailto:mr10001 <at> gmail.com]
Sent: Wednesday, September 03, 2014 1:36 PM
To: snort-users
Subject: [Snort-users] Analyzing Snort Alerts and EMailing

 

Hello All,

 

I was wondering if anyone might be willing to recommend a good GUI tool for interacting with snort alerts and a process for having alerts automatically emailed?

 

At the moment I'm looking at ACID and I'm curious if this is my best bet.  I would prefer to use a database over a script.

 

I'm using OSX as well, so any tips would be greatly appreciated.

 

Thank you,
--

M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler



 

--
Matt M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler
------------------------------------------------------------------------------
Mike Jendrejcak | 3 Sep 20:22 2014
Auto Response

This account is no longer active.

------------------------------------------------------------------------------
Mike Jendrejcak | 3 Sep 20:02 2014
Auto Response

This account is no longer active.

------------------------------------------------------------------------------
Matt M. | 3 Sep 19:35 2014
Analyzing Snort Alerts and EMailing

Hello All,

I was wondering if anyone might be willing to recommend a good GUI tool for interacting with snort alerts and a process for having alerts automatically emailed?

At the moment I'm looking at ACID and I'm curious if this is my best bet.  I would prefer to use a database over a script.

I'm using OSX as well, so any tips would be greatly appreciated.

Thank you,
--
M., CISSP, GCFE, GCFA

“To disagree leads to study, to study leads to understanding, to understand is to appreciate, to appreciate is to love. So maybe I’ll end up loving your theory.” -John Wheeler
------------------------------------------------------------------------------