Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Log questions

From: Phil <foo_bar_00 () yahoo com>
Date: Wed, 29 Aug 2001 19:37:43 -0700 (PDT)
--- Martin Roesch <roesch () sourcefire com> wrote:

And here's the possible problem.  First off, I'd try
setting
EXTERNAL_NET to 'any' and see if you get detects. 
If that doesn't work,
I'd check that the $ppp0_ADDRESS is picking up the
proper IP/Netmask
from the interface by hard coding it to your local
IP configuration and
seeing if you detect attacks.  If it works when you
hard code it, we
have an issue on x86 Solaris with detecting the ppp
interface IP
address, which wouldn't suprise me in the slightest.


Since it worked in 1.8p1 shouldn't it work in 1.8.1?
Anyway, I've ..sort of.. solved the problem. The
attack.pl scripts don't send any attacks if you're
gaurded by a firewall... I tried an nmap from a remote
box and logs went crazy again. I find it incredibly
bizaree I didn't have one port scan for 5+ days though
on a DSL line with the same IP that entire time. Oh
well, I guess I'm lucky. Sorry to bother you.

Phil


__________________________________________________
Do You Yahoo!?
Get email alerts & NEW webcam video instant messaging with Yahoo! Messenger
http://im.yahoo.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: