Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort vulnerability scan detection

From: Eric G <eric () nixwizard net>
Date: Mon, 14 Apr 2014 11:26:07 -0400
On Apr 14, 2014 11:19 AM, "Teo En Ming" <teo.en.ming () gmail com> wrote:


Hi,

I ran both nessus and nmap scans. Snort is unable to detect these scans.



Teo I believe you really need to stop assuming Snort is the problem... it's
very, very likely configuration issues or some issue with the way you're
feeding data to Snort that is the problem.

Are you only feeding data to Snort on the inside of your network? Is there
a firewall blocking traffic on the outside, and that's why Snort doesn't
see the traffic?

If you are feeding outside traffic to Snort, do you have HOME_NET defined
correctly, meaning do you have your outside IP addresses included in
HOME_NET?

--
Eric
http://www.linkedin.com/in/ericgearhart

------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: