[Snort-users] Strange Logs

Phil foo_bar_00 at ...131...
Thu Apr 26 20:32:23 EDT 2001


Hey everyone..
My logs have been completely quiet with the exception
of port scans from my DNS servers since install. Today
I got a ton of logs for stuff destined to machines
that are on my subnet, but not to _MY_ machine.
However, homenet is set to just my machine. They were
almost all:
ICMP Nmap2.36BETA or HPING2 Echo

My configuration is below, I'm running Solaris 2.6
x86,  and Snort 1.7

My snort.conf starts:
var HOME_NET $elxl0_ADDRESS
var EXTERNAL_NET !$HOME_NET

And I use this command:
/usr/local/bin/snort -A fast -s -i elxl0 -l
/var/log/snortlogs -c /etc/snort/snort.conf -D

Am I missing something?

Phil

__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/




More information about the Snort-users mailing list