[Snort-users] Snort on a routing box

Jean-Philippe Grenier jgrenier at ...1106...
Mon Jan 8 09:56:36 EST 2001


Nevermind. 
 
I was using the -h to assign the home net, but I didn't change the "var HOME
..." in snort.rules.
 
So it was using the settings in the config file.

-----Original Message-----
From: Jean-Philippe Grenier [mailto:jgrenier at ...1106...]
Sent: Monday, January 08, 2001 9:36 AM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Snort on a routing box



I'm having a problem when I put snort on a routing box. 

Snort has always been between the router and the firewall and 
I never had any problems. 

                  snort 
                     | 
  router -------------------- firewall 



But now, I had to move snort on the firewall box and I can't get 
anything from snort. 


  router -------------------- firewall with 
                                snort 

It isn't alerting me for scans and things like that. It detects 
scans only when I use the preprocessor option, but without 
this option, I am not receiving the usual scan alert when I 
scan a host in my home net from a host between the router 
and the firewall. 


Any idea why ? 


Thanks, Jean-Philippe 


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010108/e4c426b1/attachment.html>


More information about the Snort-users mailing list