Snort mailing list archives
Re: Couple of questions.
From: Jeremy Hoel <jthoel () gmail com>
Date: Mon, 9 Jun 2014 18:26:58 -0400
A Nessus scan may or may not trigger alerts depending on the plugins you used to scan, the services you have listening and any firewalls or iptables rules that might be in place. Which interface you have Snort listening on is a matter of preference and what you are hoping to see/alert on. If it's your gateway doing NAT and you monitor the WAN interface, you won't get the client IPs that might be sending out bad things, or the client IPs that bad things talk to. If you watch just the inside and it's secure then it might be boring. In either case, you will have to do rule filtering, adjusting and whitelisting/thresholds of things you don't want to see, alerts you don't care about or machines that are false positives. Snort is not just a turn-it-on-and-go thing. The fact that you see alerts means it's working; now it's up to you to figure out what type of alerts you want to see and from where.