Snort mailing list archives
Re: series of questions
From: John Sage <jsage () finchhaven com>
Date: Sun, 05 Aug 2001 09:06:30 -0700
succendo wrote:
> this is prolly a really stupid user error or maybe they're all related but here it goes. First of all, I'm running snort on a linux ipmasq (or nat) server with 2 NICs: one (eth0) is the connection out, and one (eth1) is my internal lan. If I set it up to monitor eth1 and then do something to anger it, like a portscan from an internal box, it reacts, but when it's configured to watch eth0 and I attempt to anger it using a shell it doesn't react at all. When it is killed it says that it saw the packets but no alerts.
Does it respond at all to normal traffic? If you set up some generic rules, say, that just log *everything*, and go about your business for a while (email, surf...) what does snort see?
Do you have $HOME_NET set correctly? Are you starting snort with -i eth0 in your command line? And when you say you're poking eth0 from a shell, that's still on your internal net, isn't it?
> also I'm running it on a 486 sx with 10 megs of ram. The bandwidth is comparable to a t1 down stream but up stream is only 15 kbps. Is that enough horse power? Thanks a lot.
I don't think horsepower is the issue right now, but it may become one. My firewall/snort box is a Pentium 150 with 96MB ram but it's on a dialup...
...an *SX* with 10MB? And when you say "..a t1 down stream.." do you mean going *out*? urrmm.. I dunno. Could be dicey.

- John
--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."
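A throwaway configuration for the "log everything" check suggested in the reply above. This is an added example, not part of the original message; the address range, file name and log directory are assumptions.

```conf
# test.conf -- throwaway Snort configuration for checking that the sensor
# sees traffic on the outside interface at all.
# Constructed example: the address range, file name and log directory are
# assumptions, not values from the thread.

# Internal LAN behind the masquerading box (assumed range; use your own).
# The rules below do not reference it; it is here because a real rule set
# depends on it being correct.
var HOME_NET 192.168.1.0/24

# Log every TCP, UDP and ICMP packet, whatever its source or destination.
# No detection logic: this only proves that packets reach Snort.
log tcp any any -> any any
log udp any any -> any any
log icmp any any -> any any

# Create the log directory and start Snort bound to the outside interface:
#   mkdir ./snort-test
#   snort -i eth0 -c ./test.conf -l ./snort-test
# Then read mail and browse for a few minutes and look in ./snort-test.
# Nothing logged: Snort is not seeing traffic on eth0, so check the -i
# option and the interface before touching the real rule set.
# Packets logged: capture works, so look next at $HOME_NET and the rules.
```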