Snort mailing list archives

RE: Not Picking up Much WHY "I am pulling out myhair"


From: "Elijah Savage" <esavage () digitalrage org>
Date: Mon, 13 Oct 2003 06:58:23 -0400

Snort is running on the firewall itself monitoring the outside interface
directly connected to the net. This is why I am amazed that it is not
picking up anything more. I have just checked it again this morning and
nothing but ICMP. And from everything I have read it says snort running
on a firewall will see every packet before pf does and before any
filtering happens.

-----Original Message-----
From: Patrick Harper [mailto:lists () internetsecurityguru com] 
Sent: Sunday, October 12, 2003 9:41 PM
To: Elijah Savage
Cc: Snort-Users
Subject: Re: [Snort-users] Not Picking up Much WHY "I am pulling out
myhair"

Do you have any filters set up? If Snort is behind your firewall it will
only see what makes it through.


On Sun, 2003-10-12 at 17:23, Elijah Savage wrote:
I have set up snort2.0 and Barnyard0.1.0 on my adsl link on my firewall.
It is logging to a mysql database on a different machine which is
running ACID, but the only thing I seem to be picking up is icmp stuff.
I have turned on all the rules; as a drastic measure, from the inside I
went and visited some pr0n sites and it was not picked up. I am
monitoring the outside interface on the firewall, fxp0. I am at a loss.
I have essentially left everything at the default except for the home
net and uncommenting all the rules, trying to make sure everything is
working. I know my config files are large and can be cut down and tuned,
but I just want to get it working first. In Acid I got 100% ICMP traffic
and 0% TCP, 0% UDP. If anyone can help me understand what I might be
doing wrong it would be greatly appreciated. This is how I start snort
and Barnyard.




