AW: (Snort-users) Alert problem

[<sandro.poppi () wacker com>]

Hi Laura,

when running nessus and snort on the same machine you won't get alarms if snort
is bound to  a network interface because all the traffic is local and no packet
leaves your machine. If you don't have a second linux box to be used with nessus
you can try (only for testing purposes) to bind snort to your loopbackinterface
(option -i lo) and use nessus to contact 127.0.0.1 then you should get attacks
as they occur in snort.

HTH,
Sandro
> Hi,
>
> I posted my problem but I still cannot solve it. I tried to
> test snort
> with using different attacks simulated by Nessus. I use one pc
> (redhat7.1) to run both snort and nessus. The IP address is dynamic
> assigned. Whenever I run snort, the alerts are always IDS10
> or IDS246,
> like below:
> > [**] [1:499:1] MISC Large ICMP Packet [**]
> > [Classification: Potentially Bad Traffic] [Priority: 2]
> > ......
> > [Xref => http://www.whitehats.com/info/IDS246]
>
> Could you please give me any suggestions?
>
> Thanx a lot,
>
> Laura
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users