Re: [Snort-users] No alerts: Good or bad

From: Adam Shephard <sfnative33(at)yahoo.com>
Date: Wed Feb 19 2003 - 10:40:16 EST

• Erek Adams <erek@snort.org> wrote:
  > *STOP* Do _NOT_ pass go. Do _NOT_ collect $200.
  

Done. Debian does have 1.9.0 in their UNSTABLE distribution so switching to it is not big deal.

> *gack* I'm sorry you are having to use a

I didn't it mind it too much until I set up my own box using pf. Now, the Firebox is the bane of my existence.

> Honestly, it sounds like all is good. But, it's
<snip>Depending on your HOME_NET and EXTERNAL_NET
> settings, if you do see traffic you may or may not
</snip>
That's what I've got in there. So, I figured "Cool. This should be simple." But noooooooooo.

I've got the Firebox allowing a range of ports in from the address of my box running nmap. I know nmap is getting through because I can see it both on the Firebox logs and on the logs of a machine inside the network.

I have snort on in sniffer mode and can see lots of traffic coming across it but none of that traffic is coming from my nmap box. I thought that perhaps it would look like traffic from the Firebox but there isn't any of that either.

At first I felt like I was just paranoid and was trying to triple-check everything. Now, I'm wondering.

---

Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day http://shopping.yahoo.com

---

This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge

---

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Wed Feb 19 10:57:49 2003