Re: Snort vulnerability scan detection

[Teo En Ming <teo.en.ming () gmail com>]

Dear Eric G,

My snort sensor is behind a NAT router with Stateful Packet Inspection
(SPI) firewall. My HOME_NET is 192.168.1.0/24. I usually run nmap and
nessus scans from the internal network against my PUBLIC IP address.

Regards,

Teo En Ming


On Mon, Apr 14, 2014 at 11:26 PM, Eric G <eric () nixwizard net> wrote:

> On Apr 14, 2014 11:19 AM, "Teo En Ming" <teo.en.ming () gmail com> wrote:
> > Hi,
> >
> > I ran both nessus and nmap scans. Snort is unable to detect these scans.
>
> Teo I believe you really need to stop assuming Snort is the problem...
> it's very, very likely configuration issues or some issue with the way
> you're feeding data to Snort that is the problem.
>
> Are you only feeding data to Snort on the inside of your network? Is there
> a firewall blocking traffic on the outside, and that's why Snort doesn't
> see the traffic?
>
> If you are feeding outside traffic to Snort, do you have HOME_NET defined
> correctly, meaning do you have your outside IP addresses included in
> HOME_NET?
>
> --
> Eric
> http://www.linkedin.com/in/ericgearhart
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!