[Snort-users] Strange Logs
foo_bar_00 at ...131...
Thu Apr 26 20:32:23 EDT 2001
My logs have been completely quiet with the exception
of port scans from my DNS servers since install. Today
I got a ton of logs for stuff destined to machines
that are on my subnet, but not to _MY_ machine.
However, homenet is set to just my machine. They were
ICMP Nmap2.36BETA or HPING2 Echo
My configuration is below, I'm running Solaris 2.6
x86, and Snort 1.7
My snort.conf starts:
var HOME_NET $elxl0_ADDRESS
var EXTERNAL_NET !$HOME_NET
And I use this command:
/usr/local/bin/snort -A fast -s -i elxl0 -l
/var/log/snortlogs -c /etc/snort/snort.conf -D
Am I missing something?
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
More information about the Snort-users