Snort mailing list archives
Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box!
From: James Lay <jlay () slave-tothe-box net>
Date: Mon, 07 Apr 2014 15:53:27 -0600
On 2014-04-07 15:40, Teo En Ming wrote:
But alerts are not showing up when I ran nessus against my home network. Sigh. Teo En Ming
Teo, I think most first time users of snort fall into this as well. Look at your HOME_NET and EXTERNAL_NET. Mine are: ipvar HOME_NET 192.168.1.0/24 ipvar EXTERNAL_NET !$HOME_NET This says "home_net is my ip addresses, external_net is everything that's NOT my addresses". Now look at almost any snort rule: alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"...... This says "alert if an external_net on any http_ports comes into my home_net on any port". So if you're scanning anything IN HOME_NET TO HOME_NET, nothing will fire. Does that make sense? James ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Teo En Ming (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Jeremy Hoel (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Bjoern Meier (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! James Lay (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Teo En Ming (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! James Lay (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Teo En Ming (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! James Lay (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Teo En Ming (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Jeremy Hoel (Apr 07)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Teo En Ming (Apr 09)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Y M (Apr 09)
- Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box! Teo En Ming (Apr 07)