Snort mailing list archives
Windows + Snort + ISA server question
From: "Chris Willis" <cwillis () chriswillis tzo com>
Date: Tue, 15 Oct 2002 05:49:59 -0700
System: Win2K server SP3 Microsoft ISA server SP1 Snort 1.9.0 4 Windows Oct 2002 snort stable rules MySQL 3.23.52 Acid 0.96B WinPCAP 2.3 Acid is showing plenty of alerts generated from my internal network (proxy scans by firewall clients, for example). However, I have no alerts generated from the internet. I run snort using '-i 1 -c snort.conf -l c:\snort\logs' (1 is my interface plugged into the router). I have run Shadowscan + NetIQ security scanners against my machine, plus a regular port scan. Not a single alert was generated, even though both security scanners reported back correctly with open ports, OS fingerprint, vulernabilities, etc... Any ideas? I did notice that WinPCAP does not show in the NIC properties dialoge boxes. Should I revert to 2.02 (which did show up in my NIC properties). Chris ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Windows + Snort + ISA server question Chris Willis (Oct 15)