Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Snort 2.9.04 not Alert on Inet interface

From: childrenofchaos () freenet de
Date: Mon, 04 Apr 2011 18:00:34 +0200
Hey,

Snort is running on Ubuntu, i wrote an easy rule which should alert if a packet hits an special IP with ssh port.
from the localnet (10.12.0.0) it works perfekt.

But when i change the rule and the interface to ppp0 or eth1 (inet iface) and try it from an externel server, the alert 
doesn´t occour.
i saw, that !no! alerts occour from the inet interface oO

$HOME_NET 10.12.0.0/24
$EXTERNAL_NET any ( or !$HOME_NET -> same...)

i don´t know why snort can not "hear" on the inet iface.
all Rules work fine from the localnet, but not from extern.

i hope, someone can point me the way
thx





---
freenetMail - Der zuverlässige E-Mail-Dienst von freenet.de
Jetzt http://mail.freenet.de/produkte/basic/index.html?pid=10111947018 mit 1 GB Speicher und Profi-Spamschutz sichern!
------------------------------------------------------------------------------
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself; 
WebMatrix provides all the features you need to develop and 
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: