Snort mailing list archives

Re: No alerts: Good or bad


From: Joerg Weber <j.weber () infos de>
Date: 18 Feb 2003 17:03:25 +0100

Hi Adam,

> So, do I assume all is well or are there other
> approaches I should take in terms of testing?

Create a dummy rule which alerts on traffic from external hosts
connecting to an internal box on some port, then try to do just that
from an external system (provided your firewalls let you go through and
your box actually gets to see the traffic).

If you get an alert then you're on a quiet segment and your FWs drop the
attacks :) If not, I'd check the setup.

Cheers,

Joerg

-- 
----------------------------------
Joerg Weber
Network Security
InfoServe GmbH
Nell-Breuning-Allee 6
66115 Saarbruecken
T: 0681 - 88008 - 0
F: 0681 - 88008 - 33
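
An added example, not part of the original message: one way to carry out the check described above, with a dummy rule and a script that looks for its alert in Snort's fast-alert output after the test connection. The port 8999, sid 1000001, the IP addresses and the sample log lines are assumptions constructed for illustration.

```python
import re

# Assumed dummy rule (hypothetical port and sid; sids >= 1000000 are for local rules).
# Matching only the SYN means it fires even if nothing listens on the port.
TEST_SID = 1000001
TEST_RULE = (
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 8999 '
    '(msg:"LOCAL sensor visibility test"; flags:S; '
    f'sid:{TEST_SID}; rev:1;)'
)

# One line of Snort "fast" alert output: timestamp, [gid:sid:rev], msg, proto, endpoints.
FAST_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+'
    r'(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+'
    r'(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$'
)

# Constructed sample alert file contents (not real sensor output).
SAMPLE_LOG = """\
02/18-17:01:10.104233  [**] [1:1000001:1] LOCAL sensor visibility test [**] [Priority: 0] {TCP} 203.0.113.7:40112 -> 192.168.1.20:8999
02/18-17:01:12.551870  [**] [1:1000002:1] LOCAL other rule [**] [Priority: 0] {ICMP} 198.51.100.9 -> 192.168.1.20
"""

def parse_fast_alerts(text):
    """Yield a dict per well-formed fast-alert line; skip anything else."""
    for line in text.splitlines():
        m = FAST_RE.match(line.strip())
        if m:
            d = m.groupdict()
            d['sid'] = int(d['sid'])
            yield d

def hits_for_test_rule(text, tester_ip, sid=TEST_SID):
    """Alerts for the test sid whose source is the external test host."""
    return [a for a in parse_fast_alerts(text)
            if a['sid'] == sid and a['src'].rsplit(':', 1)[0] == tester_ip]

def verdict(text, tester_ip):
    """Apply the reasoning from the message to the alert file contents."""
    if hits_for_test_rule(text, tester_ip):
        return 'sensor sees the traffic: no alerts means a quiet segment'
    return 'no test alert: check the sensor setup'
```

Remove the dummy rule once the check is done so it does not add noise to the alert file.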


