Snort mailing list archives
Re: Log questions
From: Phil <foo_bar_00 () yahoo com>
Date: Wed, 29 Aug 2001 19:37:43 -0700 (PDT)
--- Martin Roesch <roesch () sourcefire com> wrote:
And here's the possible problem. First off, I'd try setting EXTERNAL_NET to 'any' and see if you get detects. If that doesn't work, I'd check that the $ppp0_ADDRESS is picking up the proper IP/Netmask from the interface by hard coding it to your local IP configuration and seeing if you detect attacks. If it works when you hard code it, we have an issue on x86 Solaris with detecting the ppp interface IP address, which wouldn't surprise me in the slightest.
Since it worked in 1.8p1 shouldn't it work in 1.8.1? Anyway, I've ..sort of.. solved the problem. The attack.pl scripts don't send any attacks if you're guarded by a firewall... I tried an nmap from a remote box and logs went crazy again. I find it incredibly bizarre I didn't have one port scan for 5+ days though on a DSL line with the same IP that entire time. Oh well, I guess I'm lucky. Sorry to bother you.

Phil