Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Ipchains questions

From: Blake Frantz <blake () mc net>
Date: Fri, 24 Aug 2001 16:32:51 -0500 (CDT)


Is your snort sensor hung off a switch or hub ?  if it's off a switch
then you won't see anything destined to other boxes unless you port
mirror.

-blake

================================================================= 
The Government, like diapers, should be replaced regularly, and
often for the same reasons. 

On Fri, 24 Aug 2001, Darrin Powell wrote:




   Ok here is my scenario I have a box outside the firewall with a deny all 
ipchians approach running snort. If I scan that box snort picks it up. In my 
snort rules I have multiple ip address that I want snort to monitor. 

 var HOME_NET [111.111.111.112,111.111.111.113,111.111.111.114]


The rest of the configuration is pretty much default for snort-1.8p1-0. Other 
than location of rules and conf file.

These other machines have ipchains as well with a deny all approach. If I 
scan any of those boxes snort does not pick it up. Should snort pick up these 
other machines or do I have to change my ichains so they can see eachother?






 Thanks in advance 
Darrin


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: