Snort mailing list archives
RE: How do we detect intrusions from an IP ?
From: "Harper, Patrick" <patrick.harper () phns com>
Date: Thu, 22 Jul 2004 07:08:44 -0500
Put your internal range as the IP range of your internal network, fill in all the variables as best as possible. I put external net as !HOME_NET (everything but what is defined as home_net) and monitor with a front-end, ACID, or Aanval. I am assuming you are wanting to check for the possibilities of outside intrusions. -----Original Message----- From: msalmanf () students ee itb ac id [mailto:msalmanf () students ee itb ac id] Sent: Wednesday, July 21, 2004 9:02 PM To: snort-users () lists sourceforge net Subject: [Snort-users] How do we detect intrusions from an IP ? Hello all... I am a snort beginner, How do we know or detect intrusions from an IP connecting to local area network. For example if we have IP range 192.168.0.1 - 192.168.0.5 (I filled var HOME_NET any in /etc/snort/snort.conf) How do we check whether 192.168.0.3 has some intrusions/alerts or not ? Thank you, Regards, Salman ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idG21&alloc_id040&op,ick _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?listžort-users Disclaimer: This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idG21&alloc_id040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How do we detect intrusions from an IP ? msalmanf (Jul 21)
- <Possible follow-ups>
- RE: How do we detect intrusions from an IP ? Harper, Patrick (Jul 22)