[Snort-users] snort ignores ppp0
centipede
centiped at ...1832...
Sun Apr 15 13:13:58 EDT 2001
Yap. a dial up ISP user on a simple 56K USR modem on ppp0.
eth0 points to another host that sits 1 meter to the left, on the same
table...
I believe ppp0 to be the threat... :-)
but snort believes otherwise...
version 1.7, RPMed btw...
centipede.
Joseph Nicholas Yarbrough wrote:
> On Sunday 15 April 2001 09:01, you wrote:
>
>> Hi.
>>
>> I've just initially installed snort. the problem is that it detects
>> intrusions only on my eth0
>> while utterly ignoring ppp0, which is, naturally, the only interface I
>> really care to have a
>> NIDS on.
>> I tried switching between "-i eth0" and "-i ppp0" and between HOME_NET
>> 192.168.1.0/24
>> to HOME_NET $ppp0_ADDRESS but snort insisted on letting every ppp0
>> packet slip
>> in innoticed.
>> I even tried using the "-i any" but it didn't work. ipchains was of
>> course suspended during
>> the tests and EXTERNAL_NET was set to "any" all the time.
>>
>> any suggestions ?
>>
>> thanks.
>>
> Perhaps it is your inside network you need to worry about. How long did you
> have it running? Are you a dialup internet user?
>
> -Nick
>
>
>
More information about the Snort-users
mailing list