Snort mailing list archives

Only thing logged is IMAP requests


From: Phil <foo_bar_00 () yahoo com>
Date: Tue, 31 Jul 2001 23:31:44 -0700 (PDT)

Hey all,

I've included all the necessary version information
below, but I'm going to start with my question.

The only log file that I'm seeing is for my own
external IP address, and it's for IMAP requests.... I
have TONS of logs for IMAP requests and they all look
like this:

[**] spp_stream4: EVASIVE RST detection [**]
07/31-20:10:10.494273 my.external.ip.addr:34129 -> my.imap.server.outside:143
TCP TTL:254 TOS:0x0 ID:26746 IpLen:20 DgmLen:54 DF
*****R** Seq: 0xE955B9AE  Ack: 0x0  Win: 0x8000  TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

The setup is this:
4 machines inside a NAT'd LAN.
Snort running on the external interface of the NAT/firewall box.
ADSL connection with dynamic IP (virtual interface ppp0)
Solaris 8 x86 4/01
Snort 1.8p1
variables from snort.conf:
var HOME_NET $ppp0_ADDRESS
var EXTERNAL_NET !$HOME_NET
Command used to start snort:
/usr/local/bin/snort -A fast -s -i ppp0 -l /var/log/snortlogs -c /etc/snort/snort.conf -D

Phil
