Snort mailing list archives

Re: Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box!


From: James Lay <jlay () slave-tothe-box net>
Date: Mon, 07 Apr 2014 14:52:47 -0600

On 2014-04-07 13:19, Teo En Ming wrote:

> Question 3: The Nessus vulnerability scanner reported numerous
> vulnerabilities. Why are there no alerts in my Snort IDS box at all?

Most folks install snort, then start scanning from their own network.  
If you have:

ipvar HOME_NET 192.168.0.0/24

and your scanning machine is 192.168.0.1 and the machine you're 
scanning is 192.168.0.2, don't expect to see anything.  As a quick test 
for IDS functionality do the below:

Verify you see local.rules in your snort.conf.
Add:

alert icmp any any -> any any (msg:"Ping test"; sid:10000054;)

to your local.rules

Stop snort, start snort.  Now ping something.  I use this rule a lot 
after upgrading to verify functionality (that is if my users haven't 
already inadvertently "helped" me).

James
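
The same-subnet case described in the message above, as an added example that is not part of the original post: a small Python model of Snort rule-header matching, showing why a scan from inside HOME_NET misses a rule written $EXTERNAL_NET -> $HOME_NET while the "Ping test" rule still fires. It assumes EXTERNAL_NET is set to !$HOME_NET (the post only gives HOME_NET); the second rule, its sid and the 203.0.113.10 address are constructed for illustration.

```python
import ipaddress

# HOME_NET is from the post. EXTERNAL_NET = !$HOME_NET is an assumption
# (a common snort.conf choice); the post does not state it.
VARS = {"HOME_NET": "192.168.0.0/24", "EXTERNAL_NET": "!$HOME_NET"}

def addr_matches(spec, ip, variables=VARS):
    """True if ip is covered by a header address: any, CIDR, $VAR or !negation.
    Bracketed address lists are not handled in this sketch."""
    spec = spec.strip()
    if spec.startswith("!"):
        return not addr_matches(spec[1:], ip, variables)
    if spec.startswith("$"):
        return addr_matches(variables[spec[1:]], ip, variables)
    if spec == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def header_matches(rule, proto, src, dst, variables=VARS):
    """Evaluate only the rule header (protocol, addresses, direction).
    Ports and rule options are ignored."""
    header = rule.split("(", 1)[0].split()
    _action, r_proto, r_src, _sport, direction, r_dst, _dport = header
    if r_proto not in (proto, "ip"):
        return False
    forward = addr_matches(r_src, src, variables) and addr_matches(r_dst, dst, variables)
    if direction == "<>":  # bidirectional rules also match the reverse flow
        return forward or (addr_matches(r_src, dst, variables)
                           and addr_matches(r_dst, src, variables))
    return forward

# Rule from the post.
PING_TEST = 'alert icmp any any -> any any (msg:"Ping test"; sid:10000054;)'
# Constructed rule in the EXTERNAL_NET -> HOME_NET shape; the sid is a placeholder.
TYPICAL = 'alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:"constructed example"; sid:1000001;)'

def demo():
    scanner, target, outside = "192.168.0.1", "192.168.0.2", "203.0.113.10"
    return {
        "internal scan vs typical rule": header_matches(TYPICAL, "tcp", scanner, target),
        "external scan vs typical rule": header_matches(TYPICAL, "tcp", outside, target),
        "internal ping vs ping-test rule": header_matches(PING_TEST, "icmp", scanner, target),
    }

if __name__ == "__main__":
    for case, hit in demo().items():
        print(f"{case}: {'alert' if hit else 'no alert'}")
```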
