Snort mailing list archives
Re: Is this config. ok
From: Kenny D <bitored2002 () yahoo com au>
Date: Thu, 21 Feb 2002 23:28:04 +1100 (EST)
Hi, By very quiet i mean no alerts whatsoever, i assume a). my router and firewall is doing a good or b). i have do something wrong. When i an a rule for any traffic coming in i see plenty going on so maybe my config is ok. An external scna using superscan gave nothing. The snort options i use are as follows c:\snort.exe -c c:\snort\snort.conf -h 172.17.1.0/24 -i 1 Does this all sound rerasonable, Appreciate your comments. --- Mike_Sands () elementk com wrote: >
It sounds like you have everything set up correctly.
By "very quiet" do you
mean that there are no alerts at all? If you did
some sort of nmap scan of
the internal network I really should show up in your
portscan.log file.
Just for Yuks you may want to try and set your home
network to 'any' and
scan again. Also how are you running snort? What
flags are you using on the
command line?
Mike Sands
Security / Network Engineer
Office: (585) 214-1936
Fax: (585) 295-7162
Cell: 716-303-3245
Element K
'the knowledge catalyst'
www.elementk.com
Kenny D
<bitored2002 () yahoo com au>
To: snort users
<snort-users () lists sourceforge net>
Sent by:
cc:
snort-users-admin@lists.sourc
eforge.net
Subject: [Snort-users] Is this config. ok
02/20/2002 12:02 PM
Hi,
I have setup snort and it is very quiet. I just want
to make sure everything i done is correct. I have
set
it up as follows
internet -- router --- (public ip
outside)pix(inside172.16.1.1) --- (172.16.1.2)
3005Concentrator (172.17.1.1) --- my inside network
on
172.17.1.0
My snort machine is monitoring all traffic coming
from
the pix inside interface, i am using span port
mirroring on my switch. When i turn on alert tcp any
any -> any any i do see plenty of traffic going back
and forward. However when i turn it off it is very
quiet. I assume my router and firewall is doing a
good
job but how can i be sure it all works. An external
scan didnt create any alerts. I set my home network
in
snort to 172.17.1.0
Can anyone help me here?
Thanks.
http://movies.yahoo.com.au - Yahoo! Movies
- Vote for your nominees in our online Oscars pool.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
http://movies.yahoo.com.au - Yahoo! Movies - Vote for your nominees in our online Oscars pool. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Is this config. ok Kenny D (Feb 20)
- <Possible follow-ups>
- RE: Is this config. ok Wirth, Jeff (Feb 20)
- Re: Is this config. ok Kenny D (Feb 21)
- Re: Is this config. ok Kenny D (Feb 21)
- Re: Is this config. ok Mike_Sands (Feb 21)
- Re: Is this config. ok Kenny D (Feb 21)
- Re: Is this config. ok Kenny D (Feb 21)