[Snort-sigs] Snort alerts

Pildesapo2 pildesapo2 at protonmail.com
Mon May 21 09:40:32 EDT 2018


Currently I am trying to setup Snort 2.9.11. The problem is that snort is not detecting any nmap scans nor metasploit attacks. Adding a simple ICMP rule works though. Both community and registered rulesets are added and loaded into Snort.

Virtualbox environment (1 attack VM, 1 victim VM) with snort on the host machine, listening on vboxnet4 on which the victim VM receives nmap and metasploit attacks.

Snort start command:
$ sudo snort -c /etc/snort/snort.conf -l /var/log/snort/test5 -A full -i vboxnet4 -k none -de

My question is: why aren't any alerts triggered on the nmap or metasploit attacks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20180521/0be736ea/attachment.html>

More information about the Snort-sigs mailing list