[Snort-users] alerts

Daniel van Balen vdaniel at ...191...
Mon Aug 7 07:32:58 EDT 2000

On Mon, Aug 07, 2000 at 01:24:43PM -0400, Billy Smith wrote:
> I download the rules w/out !HOMENET from www.snort.org and I am running 
> snort with the following options:
> snort -d -b -D -N -A fast -c testrules.txt

	I guess that you mean the: "07272kany.rules - Same ruleset using 'any
any' instead of '$HOME_NET' variables" rules...
	BTW to use the rules with $HOME_NET all you need to do is add a line to
the rules file like so:

var HOME_NET yournet/subnet

	For example if you are only interested in atacks coming to the box
you're running snort on, the line would look like this:

var HOME_NET <your boxes ip addr>/32

> I am using CyberCop scanner to scan a box that is running snort, and I am 
> not getting any alerts.
> Any ideas on what I am missing.

	Where are you looking for the alerts? Did you enable the portscan
preprocesor? Are you sure CyberCop should trip any of the rules in your rules


More information about the Snort-users mailing list