RE: Is this config. ok

["Wirth, Jeff" <WirthJe () DNB com>]

Kenny,

> An external scan didnt create any alerts

Are you hosting any public services?  Does your firewall configuration allow
inbound initiated sessions?  Or only NAT'd outbound? 

> but how can i be sure it all works

Search the snort-user archive and you should find a few threads on snort/ids
testing tools.

- Jeff


-----Original Message-----
From: Kenny D [mailto:bitored2002 () yahoo com au]
Sent: Wednesday, February 20, 2002 12:03 PM
To: snort users
Subject: [Snort-users] Is this config. ok


Hi,

I have setup snort and it is very quiet. I just want
to make sure everything i done is correct. I have set
it up as follows

internet -- router --- (public ip
outside)pix(inside172.16.1.1) --- (172.16.1.2)
3005Concentrator (172.17.1.1) --- my inside network on
172.17.1.0

My snort machine is monitoring all traffic coming from
the pix inside interface, i am using span port
mirroring on my switch. When i turn on alert tcp any
any -> any any i do see plenty of traffic going back
and forward. However when i turn it off it is very
quiet. I assume my router and firewall is doing a good
job but how can i be sure it all works. An external
scan didnt create any alerts. I set my home network in
snort to 172.17.1.0

Can anyone help me here?

Thanks. 

http://movies.yahoo.com.au - Yahoo! Movies
- Vote for your nominees in our online Oscars pool.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users