Snort mailing list archives
Re: Packets being alerted with other hosts, but not the localhost with Snort on it
From: John Byrne via Snort-users <snort-users () lists snort org>
Date: Sun, 9 Sep 2018 18:02:12 -0700
Oops… I accidentally replied to just wkitty42… This message is going to both wkitty42 and the snort user list. Sorry about that… I just clicked on reply and assumed it would go to the snort user list.

Thanks again,
John Byrne

On Sep 9, 2018, at 1:31 AM, wkitty42--- via Snort-users <snort-users () lists snort org> wrote:

> On 09/08/2018 07:18 PM, John Byrne via Snort-users wrote:
>> Hi Everyone,
>>
>> I’ve spent all day on this and I can’t find the problem. I’m sure it’s got to be a configuration issue, but I can’t find it. I’m having a problem with snort detecting packets being sent out of the host that snort is running on. The other hosts create an alert fine, just not the snort host. Is there some sort of localhost configuration setting I’m missing somewhere?
>
> ummm... localhost is not included in $HOME_NET and the only rule i see enabled that might catch localhost originated packets is your 10000024 but you've limited it to IGMP so...
>
> with that, yes and no, it is and is not a configuration error... it is if you expect localhost to be included in HOME_NET... it is not if you remember localhost is not covered by HOME_NET...
>
> --
> NOTE: No off-list assistance is given without prior approval.
> *Please keep mailing list traffic on the list unless*
> *a signed and pre-paid contract is in effect with us.*
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists snort org
> Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users
> To unsubscribe, send an email to: snort-users-leave () lists snort org
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Current thread:
- Packets being alerted with other hosts, but not the localhost with Snort on it John Byrne via Snort-users (Sep 08)
- Re: Packets being alerted with other hosts, but not the localhost with Snort on it wkitty42--- via Snort-users (Sep 09)
- Re: Packets being alerted with other hosts, but not the localhost with Snort on it John Byrne via Snort-users (Sep 09)
- Re: Packets being alerted with other hosts, but not the localhost with Snort on it wkitty42--- via Snort-users (Sep 10)
- Re: Packets being alerted with other hosts, but not the localhost with Snort on it John Byrne via Snort-users (Sep 10)
- Re: Packets being alerted with other hosts, but not the localhost with Snort on it John Byrne via Snort-users (Sep 10)
- Re: Packets being alerted with other hosts, but not the localhost with Snort on it wkitty42--- via Snort-users (Sep 10)
- Re: Packets being alerted with other hosts, but not the localhost with Snort on it John Byrne via Snort-users (Sep 10)
- Re: Packets being alerted with other hosts, but not the localhost with Snort on it John Byrne via Snort-users (Sep 10)
- Re: Packets being alerted with other hosts, but not the localhost with Snort on it John Byrne via Snort-users (Sep 09)
- Re: Packets being alerted with other hosts, but not the localhost with Snort on it wkitty42--- via Snort-users (Sep 09)