Snort mailing list archives

Re: Packets being alerted with other hosts, but not the localhost with Snort on it


From: wkitty42--- via Snort-users <snort-users () lists snort org>
Date: Sun, 9 Sep 2018 04:31:59 -0400

On 09/08/2018 07:18 PM, John Byrne via Snort-users wrote:
> Hi Everyone,
>
> I’ve spent all day on this and I can’t find the problem.  I’m sure it’s got to be a configuration issue, but I can’t find it.  I’m having a problem with snort detecting packets being sent out of the host that snort is running on.  The other hosts create an alert fine, just not the snort host.  Is there some sort of localhost configuration setting I’m missing somewhere?


ummm... localhost is not included in $HOME_NET and the only rule i see enabled that might catch localhost originated packets is your 10000024 but you've limited it to IGMP so...

with that, yes and no, it is and is not a configuration error... it is if you expect localhost to be included in HOME_NET... it is not if you remember localhost is not covered by HOME_NET...


--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*
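
Added example, not part of the original message or of Snort itself: a small Python check that reads a flat `ipvar HOME_NET` definition and reports which of the sensor's own addresses fall outside it, which is the condition the reply above points at. The config line and all addresses are constructed samples (the poster's snort.conf is not shown on the page); nested lists and `$VAR` references are not handled.

```python
import ipaddress
import re

# Constructed sample, not the poster's configuration.
SAMPLE_CONF = """\
ipvar HOME_NET [192.168.1.0/24,!192.168.1.50]
ipvar EXTERNAL_NET !$HOME_NET
"""

ANY = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")]


def parse_ipvar(conf_text, name="HOME_NET"):
    """Return (included, excluded) networks for a flat ipvar/var definition."""
    pattern = rf"^\s*(?:ipvar|var)\s+{re.escape(name)}\s+(.+?)\s*$"
    m = re.search(pattern, conf_text, re.M)
    if not m:
        raise ValueError(f"{name} is not defined")
    value = re.sub(r"\s+", "", m.group(1)).strip("[]")
    included, excluded = [], []
    for item in filter(None, value.split(",")):
        negated = item.startswith("!")
        item = item.lstrip("!")
        nets = ANY if item == "any" else [ipaddress.ip_network(item, strict=False)]
        (excluded if negated else included).extend(nets)
    if excluded and not included:
        included = list(ANY)  # a list of only negations means "any except ..."
    return included, excluded


def in_home_net(addr, included, excluded):
    """True if addr matches an included network and no negated one."""
    ip = ipaddress.ip_address(addr)
    hit = lambda nets: any(ip.version == n.version and ip in n for n in nets)
    return hit(included) and not hit(excluded)


def uncovered(addrs, conf_text):
    """Addresses from addrs that HOME_NET does not cover."""
    inc, exc = parse_ipvar(conf_text)
    return [a for a in addrs if not in_home_net(a, inc, exc)]


if __name__ == "__main__":
    # Constructed sensor addresses: loopback, a LAN host, and the negated host.
    sensor_addrs = ["127.0.0.1", "192.168.1.10", "192.168.1.50"]
    for a in uncovered(sensor_addrs, SAMPLE_CONF):
        print(f"{a} is outside HOME_NET; rules keyed on $HOME_NET will not match it")
```
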