[Snort-users] snort ignores ppp0
centiped at ...1832...
Sun Apr 15 13:13:58 EDT 2001
Yap. a dial up ISP user on a simple 56K USR modem on ppp0.
eth0 points to another host that sits 1 meter to the left, on the same
I believe ppp0 to be the threat... :-)
but snort believes otherwise...
version 1.7, RPMed btw...
Joseph Nicholas Yarbrough wrote:
> On Sunday 15 April 2001 09:01, you wrote:
>> I've just initially installed snort. the problem is that it detects
>> intrusions only on my eth0
>> while utterly ignoring ppp0, which is, naturally, the only interface I
>> really care to have a
>> NIDS on.
>> I tried switching between "-i eth0" and "-i ppp0" and between HOME_NET
>> to HOME_NET $ppp0_ADDRESS but snort insisted on letting every ppp0
>> packet slip
>> in innoticed.
>> I even tried using the "-i any" but it didn't work. ipchains was of
>> course suspended during
>> the tests and EXTERNAL_NET was set to "any" all the time.
>> any suggestions ?
> Perhaps it is your inside network you need to worry about. How long did you
> have it running? Are you a dialup internet user?
More information about the Snort-users