Snort mailing list archives
Couple of questions.
From: "Allan" <yummycheese () cogeco ca>
Date: Mon, 9 Jun 2014 18:19:16 -0400
Hello, Snort newbie here. I have a few questions. When I run Snort on my WAN interface it doesn't log most of the alerts. I'll scan my IP from a friend's house using Nessus and all that really shows up is a port scan from his IP. If I run Snort on my LAN interface everything shows up from the Nessus scan, which is good, but the problem with that is I get 100s of alerts from my private IPs going out to the internet. I tried ignoring the alerts with a BPF file with !(src net 192.168.1.0/24) but that just seems to stop logging all alerts. Snort is running on my FreeBSD gateway firewall. Why would running Snort on my WAN interface only show port scans and a few other alerts?