[Snort-users] alerts

Daniel van Balen vdaniel at ...191...
Mon Aug 7 07:32:58 EDT 2000


On Mon, Aug 07, 2000 at 01:24:43PM -0400, Billy Smith wrote:
> I download the rules w/out !HOMENET from www.snort.org and I am running 
> snort with the following options:
> 
> snort -d -b -D -N -A fast -c testrules.txt
> 

	I guess that you mean the: "07272kany.rules - Same ruleset using 'any
any' instead of '$HOME_NET' variables" rules...
	BTW to use the rules with $HOME_NET all you need to do is add a line to
the rules file like so:

var HOME_NET yournet/subnet

	For example if you are only interested in atacks coming to the box
you're running snort on, the line would look like this:

var HOME_NET <your boxes ip addr>/32


> 
> I am using CyberCop scanner to scan a box that is running snort, and I am 
> not getting any alerts.
> 
> Any ideas on what I am missing.
> 

	Where are you looking for the alerts? Did you enable the portscan
preprocesor? Are you sure CyberCop should trip any of the rules in your rules
file? 

-spiff




More information about the Snort-users mailing list