RE: newbie configuration issues

[Douglas <douglas () eu kddi com>]

What interface is snort listening on?
Try listening on the bridge0 (-i bridge0), or external interface.

Doug


> Hello All;
>
> I recently installed Snort on an "IDS bridge" using OpenBSD.
>
> The setup is a cable modem. The "IDS bridge" is between the 
> cable modem and 
> the NAT box (another openbsd box). The NAT box is dynamically 
> assigned an 
> IP address in the 68.48.xxx.xxx range by the cable company. 
> The internal 
> network is a 192.168.0.0/24 network.
>
> The snort.conf file is just a default; nothing changed from 
> the original.
>
> The only alerts being logged are those going out from the 
> network, and most 
> of those are false alerts (send a 2k size e-mail, and Snort 
> logs an alert 
> as "Attempted Administrator Priviledge Gain" coming from my 
> ISP assigned IP 
> address 68.48.xxx.xxx). No incoming alerts are being logged.
>
> I know from previous experience that I should be getting 
> script kiddies 
> hitting me 50 times a day, yet no alerts are being generated.
>
> What should I be looking at to get this "pig" to start squeeling?
>
> Paul Greene


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users