Snort mailing list archives
RE: As a newbie, two questions
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Fri, 3 May 2002 11:32:50 -0400
Assuming that 1) you're HOME_NET variable is set correctly, and 2) your sensor is properly placed on a monitoring port on your switch, then snort should detect nmap scans destined for any machine within the HOME_NET scope. And you can start snort from the command line and see which include files are loading, as well as the total number of rules loaded at initialization. Cheers Keith -----Original Message----- From: Emanuele Salvador [mailto:lele () profim florida it] Sent: Friday, May 03, 2002 11:25 AM To: snort-users () lists sourceforge net Subject: [Snort-users] As a newbie, two questions I recently installed on a Linux box (Redhat 7.2) snort and acid, following the instructions (kindly provided on http://www.sfhn.net/whites/snort_acid-rpm.html) by Mr. Mark Johnson. The installation went straightforward and everything seems to work. But... 1) snort seems to detect portscans from nmap only on the host where snort runs. Is this a normal behaviour? It is not clear for me if snort should detect portscans on all the net (or if it should not detect portscans at all). 2) I've not been able to verify if my snort.conf loads correctly. Is there a way to see what rules are loaded? Thanks to all, Emanuele Salvador "The stars are matter, we're matter. But it doesn't matter." - Don Van Vliet - _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- As a newbie, two questions Emanuele Salvador (May 03)
- Re: As a newbie, two questions Erek Adams (May 03)
- <Possible follow-ups>
- RE: As a newbie, two questions McCammon, Keith (May 03)
- Re: As a newbie, two questions Emanuele Salvador (May 03)
- RE: As a newbie, two questions McCammon, Keith (May 03)