Re: Snort vulnerability scan detection

[waldo kitty <wkitty42 () windstream net>]

On 4/14/2014 11:37 AM, Teo En Ming wrote:
> Dear Eric G,
>
> My snort sensor is behind a NAT router with Stateful Packet Inspection (SPI)
> firewall. My HOME_NET is 192.168.1.0/24 <http://192.168.1.0/24>. I usually run
> nmap and nessus scans from the internal network against my PUBLIC IP address.

that means that your scans are HOME_NET -> HOME_NET *IF* you have your external 
public address listed in your HOME_NET...

if you do not have your public address in your HOME_NET then you are scanning 
HOME_NET -> EXTERNAL_NET...

in both cases, if you are expecting EXTERNAL_NET -> HOME_NET rules to fire, you 
are misunderstanding how the rules work... you have to scan from a machine that 
is outside your HOME_NET...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!