Snort mailing list archives
Re: Home_Net, External_Net issue
From: Josh Bitto <jbitto () onlineschool ca>
Date: Tue, 21 May 2013 15:21:11 -0700
where did your snort.conf file come from? is it one that was included within the mod you applied to your pfsense installation?? Yes it was included in the mod or package as the guys at pfsense call it. I found a solution to my problem....Within pfsense I have to create an alias that list all of my local subnets...then create a whitelist within snort and use that alias name. Then use that whitelist for each interface. Sounds like a lot but it's not. Apparently there is supposed to be a fix with a new version release of this package.
*From:*Joel Esler [mailto:jesler () sourcefire com] *Sent:* Tuesday, May 21, 2013 12:47 PM *To:* Josh Bitto *Cc:* snort-users () lists sourceforge net *Subject:* Re: [Snort-users] Home_Net, External_Net issue On May 21, 2013, at 1:58 PM, Josh Bitto <jbitto () onlineschool ca <mailto:jbitto () onlineschool ca>> wrote: I’m wondering if this is a config issue or traffic setup issue. Currently my internal network the ONLY thing that ever shows up is portscans. I can’t get anything else to be looked at. Is this due to a Home_net and External_net being setup wrong? My understanding is if I list Home_net to “any” then snort should monitor that traffic. Is the traffic that you /are/ alerting on only UDP or TCP too?
-- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Home_Net, External_Net issue Josh Bitto (May 21)
- Re: Home_Net, External_Net issue Joel Esler (May 21)
- Re: Home_Net, External_Net issue Josh Bitto (May 21)
- Re: Home_Net, External_Net issue waldo kitty (May 21)
- Re: Home_Net, External_Net issue Josh Bitto (May 21)
- Re: Home_Net, External_Net issue Josh Bitto (May 21)
- Re: Home_Net, External_Net issue Joel Esler (May 21)