[Snort-users] snort ignores ppp0

centipede centiped at ...1832...
Sun Apr 15 13:13:58 EDT 2001


Yap.  a dial up ISP user on a simple 56K USR modem on ppp0. 
eth0 points to another host that sits 1 meter to the left, on the same 
table...
I believe ppp0 to be the threat... :-)
but snort believes otherwise...
version 1.7, RPMed btw...

centipede.

Joseph Nicholas Yarbrough wrote:

> On Sunday 15 April 2001 09:01, you wrote:
> 
>> Hi.
>> 
>> I've just initially installed snort.  the problem is that it detects
>> intrusions only on my eth0
>> while utterly ignoring ppp0, which is, naturally, the only interface I
>> really care to have a
>> NIDS on.
>> I tried switching between "-i eth0" and "-i ppp0" and between HOME_NET
>> 192.168.1.0/24
>> to HOME_NET $ppp0_ADDRESS but snort insisted on letting every ppp0
>> packet slip
>> in innoticed.
>> I even tried using the "-i any" but it didn't work.  ipchains was of
>> course suspended during
>> the tests and EXTERNAL_NET was set to "any" all the time.
>> 
>> any suggestions ?
>> 
>> thanks.
>> 
> Perhaps it is your inside network you need to worry about. How long did you 
> have it running? Are you a dialup internet user?
> 
> -Nick
> 
> 
> 





More information about the Snort-users mailing list