[ale] A snort newbie question
James CE Johnson
jcej at tragus.org
Tue Aug 21 18:48:07 EDT 2001
I'm having a bit of trouble configuring snort on my firewall/gateway. At
least, I think I am...
eth0 is my internal interface, eth1 is connected to my cable modem.
In snort.conf I have:
var HOME_NET 192.168.42.0/24
var EXTERNAL_NET $eth1_ADDRESS
And I fire up snort thusly:
snort -Afull -i eth1 -c /etc/snort/snort.conf -D
I then login to a host external to my network and telnet back to my
webserver. When I throw the default.ida yack at it I don't see anything
in my snort logs. The only way I can get anything in the snort logs is
to change both *_NET values to 'any' but then I get alerts about
legitimate traffic I generate inside my network.
Suggestions?
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list