Snort mailing list archives

Windows + Snort + ISA server question


From: "Chris Willis" <cwillis () chriswillis tzo com>
Date: Tue, 15 Oct 2002 05:49:59 -0700

System:

Win2K server SP3
Microsoft ISA server SP1
Snort 1.9.0 4 Windows
Oct 2002 snort stable rules
MySQL 3.23.52
Acid 0.96B
WinPCAP 2.3

Acid is showing plenty of alerts generated from my internal network 
(proxy scans by firewall clients, for example).  However, I have no 
alerts generated from the internet.

I run snort using '-i 1 -c snort.conf -l c:\snort\logs' (1 is my 
interface plugged into the router).  I have run Shadowscan + NetIQ 
security scanners against my machine, plus a regular port scan.  Not a 
single alert was generated, even though both security scanners reported 
back correctly with open ports, OS fingerprint, vulnerabilities, etc...

Any ideas?  I did notice that WinPCAP does not show in the NIC properties 
dialog boxes.  Should I revert to 2.02 (which did show up in my NIC 
properties)?

Chris



