Snort mailing list archives

My settings and output of 3 test on snort, is this normal?


From: "mike Hughes" <mikehughes013 () hotmail com>
Date: Thu, 06 Mar 2003 02:58:21 -0800

Hey Guys,
I got SNORT up and running :))))) I have just been playing around with it and running some tests. I will give you my LAYOUT first of my network and my snort.conf file.

***1 FIREWALL(IPTABLES"DEFAULT POLICY SET TO DROP")Connected to the internet + running SNORT on it + DNS Server for my LAN***

***And behind that machine i have 2 windows computers on my LAN***
INTERNET--->FIREWALL(SNORT)---->LAN

First just to see if it was working properly i pinged the firewall machine from a machine on a different network with the SIZE set to 65500 and SNORT picked it up :)

1> But then I went to www.GRC.com and PROBED my PORTS from a Windows machine on the LAN and my FIREWALL machine, and SNORT DIDN'T pick that up?

2> Then I ran "NMAP -sS -P0 -v -p 1-1024 111.111.111.111" from a machine on a different network and I got like "10-15 alerts" like this in "TCP ICMP" but nothing in "portscan".

3> Something like 5 each of these; is this normal for a scan like that???
SNMP request tcp
SNMP trap tcp
SNMP AgentX/tcp request

var HOME_NET any
var EXTERNAL_NET $eth0_ADDRESS
var DNS_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var TELNET_SERVERS $HOME_NET
var HTTP_PORTS 80
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
preprocessor frag2
preprocessor stream4: detect_scans, disable_evasion_alerts
preprocessor stream4_reassemble
preprocessor http_decode: 80 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace
preprocessor rpc_decode: 111 32771
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 32000
output database: log, mysql, user=snort password=:) dbname=snort host=127.0.0.1
include classification.config
include reference.config
include bad-traffic.rules
include exploit.rules
include scan.rules
include finger.rules
include ftp.rules
include telnet.rules
include rpc.rules
include rservices.rules
include dos.rules
include ddos.rules
include dns.rules
include tftp.rules
include web-cgi.rules
include web-coldfusion.rules
include web-iis.rules
include web-frontpage.rules
include web-misc.rules
include web-client.rules
include web-php.rules
include sql.rules
include x11.rules
include icmp.rules
include netbios.rules
include misc.rules
include attack-responses.rules
include oracle.rules
include mysql.rules
include snmp.rules
include smtp.rules
include imap.rules
include pop3.rules
include pop2.rules
include nntp.rules
include other-ids.rules
include experimental.rules
include local.rules
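As an added example (editor's note, not the poster's configuration), here is how the network variables and the scan preprocessor would normally be set for the layout above, in the snort.conf syntax of that era; the 192.168.0.0/24 LAN range and the "4 ports in 3 seconds" threshold are assumptions, since the post gives neither.

```conf
# Added example, not the posted config. Assumed LAN range: 192.168.0.0/24.

# As posted:
#   var HOME_NET any
#   var EXTERNAL_NET $eth0_ADDRESS
# Rules are written as $EXTERNAL_NET -> $HOME_NET, so with these values the
# "outside" side of every rule is the sensor's own interface network rather
# than the Internet, and the "inside" side is everything.

# HOME_NET = the firewall's interface network plus the Windows LAN behind it
var HOME_NET [$eth0_ADDRESS,192.168.0.0/24]
# EXTERNAL_NET = everything that is not HOME_NET
var EXTERNAL_NET !$HOME_NET

# stream4's detect_scans covers stealth-scan packets (odd flag combinations
# seen outside a tracked session). The alerts that land in "portscan" come
# from the portscan preprocessor, which the posted config does not load, so a
# plain -sS SYN sweep is never counted as a scan.
preprocessor stream4: detect_scans, disable_evasion_alerts
preprocessor stream4_reassemble
# Alert when one source touches 4 ports within 3 seconds (assumed thresholds)
preprocessor portscan: $HOME_NET 4 3 portscan.log
```

The SNMP alerts are expected from such a sweep: snmp.rules fire on any TCP connection attempt from $EXTERNAL_NET to the SNMP ports, and an nmap sweep of 1-1024 touches them.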

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net