Snort mailing list archives

snort.conf network variables


From: Roland RoLaNd <r_o_l_a_n_d () hotmail com>
Date: Wed, 16 Oct 2013 16:35:22 +0200

Just finished compiling 2.9.5.5 on Debian wheezy, planning to use it inline with iptables.
eth0 is on the ISP side; eth1 is the LAN interface.
I changed the HOME_NET to my LAN subnet and made the necessary changes to RULE_PATH to reflect my structure.
When I start Snort in testing mode ( snort -A console -q -u snort -g snort -c /etc/snort/snort.conf -i eth0 ) nothing
shows as an alert (I used pulledpork to retrieve the 2.9.3.1 rules), even though I used nmap to scan the full range of ports.

The only time that an alert is given is if I add a rule with " any any > any any ", such as:
alert icmp any any -> any any (msg:"ICMP test"; sid:10000001; rev:1;)
What am I missing?



                                          