Snort mailing list archives
Re: FW: Sending Alert Via E-mail
From: John Sage <jsage () finchhaven com>
Date: Fri, 23 Nov 2001 22:48:31 -0800
Fadzly: Fadzly Zainuddin wrote:
Dear Friend, I'm connecting my Snort IDS machine together my mail server in the same hub.
So the IDS and the mail server are two different boxes, conncected through the hub?
I just wonder why my IDS could not detect anything when I scan my mail server port. When I scan IDS machine port , my IDS able to detect. I send a port scanning request from external PC. Theoretically when I scan my mail server, my IDS machine should receive a same thing because hub will broadcast right?
If I understand the topology, no.I don't remember the details (the brands..), but it's been discussed that a "hub" is often functionally a switch; in other words, no, some hubs do not broadcast any packet received out all other ports.
Sorry I don't remember which brands/models are like this...
Am I correct or I need the specified a special command.Current my command is./snort -dev -l ./log -h xxx.xxx.xxx.0/24 -c snort.conf
I don't think this has anything to do with it, unless you can verify that the hub you're using *does* pass all packets received out all ports.
In that case it may have something to do with your home network definition, and the way the rule sets you are using are affected by the home network...
..but I'm betting it's the "hub". HTH.. - John _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Sending Alert Via E-mail Fadzly Zainuddin (Nov 04)
- Re: Sending Alert Via E-mail Erek Adams (Nov 04)
- Re: Sending Alert Via E-mail Jason Haar (Nov 05)
- <Possible follow-ups>
- RE: Sending Alert Via E-mail Kresna Prawira (Nov 05)
- Re: Sending Alert Via E-mail niceshorts (Nov 05)
- FW: Sending Alert Via E-mail Fadzly Zainuddin (Nov 23)
- Re: FW: Sending Alert Via E-mail John Sage (Nov 23)
- Re: FW: Sending Alert Via E-mail Erek Adams (Nov 25)
- RE: FW: Sending Alert Via E-mail Frank Knobbe (Nov 24)