Snort mailing list archives

Previous By Date Next
Previous By Thread Next

seeing whol subnet

From: David Bear <David.Bear () asu edu>
Date: Wed, 18 Dec 2002 09:29:41 -0700
I would like snort to 'see'/'report' on hosts in the whole subnet.  I have set my HOME_NET vary to any, and well as 
trying vx0_ADDRESS and different combinations of the ip/add/subnet (in CIDR block notation).  When snort does alert, it 
only alerts on attacks directed to the host it is running on, ie it does not alert on when any other host is attacked.  
I am runing on freebsd 4.6.2.  While I don't control the wiring and network switches I am reasonaly certain this is a 
standard 10/mbt shared ethernet port -- so all hosts should be visible.

Are there any other config parameters that I am just missing? (I have enabled ALL rules to alert -- even the icmp rule 
that seem to generate a lot of alert -- still all quiet.  I'm not quite ready to believe that my subnet is this quiet...

--

David Bear
College of Public Programs/ASU
Mail Code 0803


-------------------------------------------------------
This SF.NET email is sponsored by: Order your Holiday Geek Presents Now!
Green Lasers, Hip Geek T-Shirts, Remote Control Tanks, Caffeinated Soap,
MP3 Players,  XBox Games,  Flying Saucers,  WebCams,  Smart Putty.
T H I N K G E E K . C O M       http://www.thinkgeek.com/sf/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: