Snort mailing list archives
Snort config and setup Need you help - Please!
From: "Arthur Chilipweli" <achilipweli () cox net>
Date: Wed, 13 Jul 2005 03:27:27 -0500
Hi,

Please, someone may be able to guide me in the right direction (I am a newbie on Snort and Unix). I am not sure where I am going wrong. I have installed Snort on a 1.3 Mhz PC with 512 RAM, and it is working fine (logging traffic towards the box and the NIC where it is installed), but the problem I have is that the only traffic I can see, and that is getting logged, is towards the box I have Snort installed on.

The brief setup I have is like this: I have three machines, Win 2000, Win Adv Server 2003 and Fedora Core 3 (Snort is installed), all with 1 NIC in them, all connected to a hub, and the hub is connected to my router and to my cable modem. I thought (but maybe I am wrong) that Snort would be able to log all traffic on my tiny network as long as I define my HOME_NET correctly.

Below is the short snort.conf file:

var HOME_NET 192.168.1.0/24

# Set up the external network addresses as well. A good start may be "any"
var EXTERNAL_NET any
# var EXTERNAL_NET !$HOME_NET

# Configure your server lists. This allows snort to only look for attacks to
# systems that have a service up. Why look for HTTP attacks if you are not
# running a web server? This allows quick filtering based on IP addresses
# These configurations MUST follow the same configuration scheme as defined
# above for $HOME_NET.

# List of DNS servers on your network
var DNS_SERVERS [68.13.16.25,68.13.16.30]

# List of SMTP servers on your network
var SMTP_SERVERS [192.168.1.4]

# List of web servers on your network
var HTTP_SERVERS [192.168.1.4,192.168.1.100]

# List of sql servers on your network
var SQL_SERVERS $HOME_NET

# List of telnet servers on your network
var TELNET_SERVERS $HOME_NET

# List of snmp servers on your network
# var SNMP_SERVERS $HOME_NET

So with this setup, is there anything I am missing, or do I have a wrong understanding of how a Snort setup should be? Please understand I am a newbie, so I really need your education; I am trying to get to learn Unix. I will really appreciate it.

Thanks in advance,
Arthur A. Melvin