Snort mailing list archives

Couple of questions.


From: "Allan" <yummycheese () cogeco ca>
Date: Mon, 9 Jun 2014 18:19:16 -0400

Hello,

Snort newbie here.

I have a few questions. 

When I run Snort on my WAN interface it doesn't log most of the alerts. I'll scan my IP from a friend's house using 
Nessus and all that really shows up is a port scan from his IP.

If I run Snort on my LAN interface everything shows up from the Nessus scan, which is good, but the problem with that is 
I get 100s of alerts from my private IPs going out to the internet. I tried ignoring the alerts with a BPF file with 
!(src net 192.168.1.0/24) but that just seems to stop logging all alerts. 

Snort is running on my FreeBSD gateway firewall. 

Why would running Snort on my WAN interface only show port scans and a few other alerts?