Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: How do we detect intrusions from an IP ?

From: "Harper, Patrick" <patrick.harper () phns com>
Date: Thu, 22 Jul 2004 07:08:44 -0500
Put your internal range as the IP range of your internal network, fill in all the variables as best as possible.  I put 
external net as !HOME_NET (everything but what is defined as home_net) and monitor with a front-end, ACID, or Aanval. I 
am assuming you are wanting to check for the possibilities of outside intrusions.

-----Original Message-----
From: msalmanf () students ee itb ac id [mailto:msalmanf () students ee itb ac id] 
Sent: Wednesday, July 21, 2004 9:02 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] How do we detect intrusions from an IP ?



Hello all...

I am a snort beginner,

How do we know or detect intrusions from an IP connecting to local area network.
For example if we have IP range 192.168.0.1 - 192.168.0.5 (I filled var HOME_NET any in /etc/snort/snort.conf) How do 
we check whether  192.168.0.3 has some intrusions/alerts or not ?

Thank you,


Regards,


Salman

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/


-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op,ick
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?listžort-users





Disclaimer:
This electronic message, including any attachments, is confidential and intended solely for use of the intended 
recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by 
applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have 
received this message in error, please delete it and notify the sender immediately. 





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: