Probably a Dumb Question

[Steve Thompson <stevet () copper net>]

I'm new to actually using SNORT. I have it running in ClearOS 6.

I've tried to figure out how to search to get an answer to my 
question, but this is difficult to google.

What does it mean when snort keeps popping off with rules 
violations and not one of the IP addresses is within your LAN?

The to/from IP addresses can't exist within my LAN.

I would like to think that this is telling me that I have a 
problem with one of the computers/devices within my network. But 
if there is no matching IP address....

So is Snort just triggering on what it sees hitting the ISP's 
port to my gateway? That's kinda dumb.

Or do I have an infected machine running a VPN situation under 
the covers?

Any how, I'm an accidental Linux Admin. I know enough to know I'm 
dangerous.

Regards
Steve.T

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. http://sdm.link/zohodev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!