Snort mailing list archives
Re: No alerts: Good or bad
From: Joerg Weber <j.weber () infos de>
Date: 18 Feb 2003 17:03:25 +0100
Hi Adam,
So, do I assume all is well or are there other approaches I should take in terms of testing?
create a dummy rule which alerts on traffic from external hosts connecting to an internal box on some port, then try to do just that from an external system (provided your firewalls let you go through and your box actually gets to see the traffic). If you get an alert then you'r on a quiet segment and your FWs drop the attacks :) If not, I'd check the setup. Cheers, Joerg -- ---------------------------------- Joerg Weber Network Security InfoServe GmbH Nell-Breuning-Allee 6 66115 Saarbruecken T: 0681 - 88008 - 0 F: 0681 - 88008 - 33 ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- No alerts: Good or bad Adam Shephard (Feb 18)
- Re: No alerts: Good or bad Erek Adams (Feb 18)
- Re: No alerts: Good or bad Adam Shephard (Feb 19)
- Re: No alerts: Good or bad Erek Adams (Feb 19)
- Re: No alerts: Good or bad Adam Shephard (Feb 19)
- Re: No alerts: Good or bad Joerg Weber (Feb 18)
- Re: No alerts: Good or bad Erek Adams (Feb 18)