Snort mailing list archives
seeing whol subnet
From: David Bear <David.Bear () asu edu>
Date: Wed, 18 Dec 2002 09:29:41 -0700
I would like snort to 'see'/'report' on hosts in the whole subnet. I have set my HOME_NET vary to any, and well as trying vx0_ADDRESS and different combinations of the ip/add/subnet (in CIDR block notation). When snort does alert, it only alerts on attacks directed to the host it is running on, ie it does not alert on when any other host is attacked. I am runing on freebsd 4.6.2. While I don't control the wiring and network switches I am reasonaly certain this is a standard 10/mbt shared ethernet port -- so all hosts should be visible. Are there any other config parameters that I am just missing? (I have enabled ALL rules to alert -- even the icmp rule that seem to generate a lot of alert -- still all quiet. I'm not quite ready to believe that my subnet is this quiet... -- David Bear College of Public Programs/ASU Mail Code 0803 ------------------------------------------------------- This SF.NET email is sponsored by: Order your Holiday Geek Presents Now! Green Lasers, Hip Geek T-Shirts, Remote Control Tanks, Caffeinated Soap, MP3 Players, XBox Games, Flying Saucers, WebCams, Smart Putty. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- seeing whol subnet David Bear (Dec 18)
- <Possible follow-ups>
- RE: seeing whol subnet Matt Yackley (Dec 18)
- RE: seeing whol subnet Semerjian, Ohanes (Dec 21)