[Snort-users] snort ignores ppp0

centipede centiped at ...1832...
Sun Apr 15 13:13:58 EDT 2001

Yap.  a dial up ISP user on a simple 56K USR modem on ppp0. 
eth0 points to another host that sits 1 meter to the left, on the same 
I believe ppp0 to be the threat... :-)
but snort believes otherwise...
version 1.7, RPMed btw...


Joseph Nicholas Yarbrough wrote:

> On Sunday 15 April 2001 09:01, you wrote:
>> Hi.
>> I've just initially installed snort.  the problem is that it detects
>> intrusions only on my eth0
>> while utterly ignoring ppp0, which is, naturally, the only interface I
>> really care to have a
>> NIDS on.
>> I tried switching between "-i eth0" and "-i ppp0" and between HOME_NET
>> to HOME_NET $ppp0_ADDRESS but snort insisted on letting every ppp0
>> packet slip
>> in innoticed.
>> I even tried using the "-i any" but it didn't work.  ipchains was of
>> course suspended during
>> the tests and EXTERNAL_NET was set to "any" all the time.
>> any suggestions ?
>> thanks.
> Perhaps it is your inside network you need to worry about. How long did you 
> have it running? Are you a dialup internet user?
> -Nick

More information about the Snort-users mailing list