Snort mailing list archives
AW: (Snort-users) Alert problem
From: <sandro.poppi () wacker com>
Date: Mon, 03 Dec 2001 09:47:00 +0100
Hi Laura, when running nessus and snort on the same machine you won't get alarms if snort is bound to a network interface because all the traffic is local and no packet leaves your machine. If you don't have a second linux box to be used with nessus you can try (only for testing purposes) to bind snort to your loopbackinterface (option -i lo) and use nessus to contact 127.0.0.1 then you should get attacks as they occur in snort. HTH, Sandro
Hi, I posted my problem but I still cannot solve it. I tried to test snort with using different attacks simulated by Nessus. I use one pc (redhat7.1) to run both snort and nessus. The IP address is dynamic assigned. Whenever I run snort, the alerts are always IDS10 or IDS246, like below:[**] [1:499:1] MISC Large ICMP Packet [**] [Classification: Potentially Bad Traffic] [Priority: 2] ...... [Xref => http://www.whitehats.com/info/IDS246]Could you please give me any suggestions? Thanx a lot, Laura _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- AW: (Snort-users) Alert problem sandro.poppi (Dec 03)