Snort mailing list archives

Previous By Date Next
Previous By Thread Next

newbie configuration issues

From: Paul Greene <pauljgreene () comcast net>
Date: Tue, 23 Jul 2002 21:58:01 -0400
Hello All;

I recently installed Snort on an "IDS bridge" using OpenBSD.
The setup is a cable modem. The "IDS bridge" is between the cable modem and the NAT box (another openbsd box). The NAT box is dynamically assigned an IP address in the 68.48.xxx.xxx range by the cable company. The internal network is a 192.168.0.0/24 network. 

The snort.conf file is just a default; nothing changed from the original.
The only alerts being logged are those going out from the network, and most of those are false alerts (send a 2k size e-mail, and Snort logs an alert as "Attempted Administrator Priviledge Gain" coming from my ISP assigned IP address 68.48.xxx.xxx). No incoming alerts are being logged.
I know from previous experience that I should be getting script kiddies hitting me 50 times a day, yet no alerts are being generated. 

What should I be looking at to get this "pig" to start squeeling?

Paul Greene




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: