Re: Snort vulnerability scan detection

[Leonardo Pezente <lmpezente () gmail com>]

Well, why dont you set your HOME_NET the actual ip adress of the snort
machine and try again? one think that was write above is that if you scan a
machine inside on your HOME_NET from an ip of the same network, it will not
work. But if you set only one ip, it will detect the scan that hit that ip,
from other machines. Other thing you shoud check is if the scan rules is
actually active.


2014-04-14 20:37 GMT-03:00 waldo kitty <wkitty42 () windstream net>:

> On 4/14/2014 2:57 PM, Teo En Ming wrote:
> > Dear waldo kitty,
> >
> > Can you help me scan my network?
>
> i'm sorry but i do not perform penetration testing without a contract...
> however, there are sites on the 'net that you can go to that do offer scan
> testing... i'm not sure what search terms to use to find them, though...
>
> > Thank you.
>
> you are welcome... at least for the little i can offer you right now ;)
>
> > Teo En Ming
> >
> >
> > On Tue, Apr 15, 2014 at 1:19 AM, waldo kitty <wkitty42 () windstream net
> > <mailto:wkitty42 () windstream net>> wrote:
> >
> >     On 4/14/2014 11:37 AM, Teo En Ming wrote:
> >      > Dear Eric G,
> >      >
> >      > My snort sensor is behind a NAT router with Stateful Packet
> Inspection (SPI)
> >      > firewall. My HOME_NET is 192.168.1.0/24 <http://192.168.1.0/24>
> >     <http://192.168.1.0/24>. I usually run
> >      > nmap and nessus scans from the internal network against my PUBLIC
> IP address.
> >     that means that your scans are HOME_NET -> HOME_NET *IF* you have
> your external
> >     public address listed in your HOME_NET...
> >
> >     if you do not have your public address in your HOME_NET then you are
> scanning
> >     HOME_NET -> EXTERNAL_NET...
> >
> >     in both cases, if you are expecting EXTERNAL_NET -> HOME_NET rules
> to fire, you
> >     are misunderstanding how the rules work... you have to scan from a
> machine that
> >     is outside your HOME_NET...
>
>
>
> --
> NOTE: No off-list assistance is given without prior approval.
>        Please keep mailing list traffic on the list unless
>        private contact is specifically requested and granted.
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!