[Snort-users] What am I missing?

Ed Greshko Edward.M.Greshko at ...1974...
Sat May 5 19:48:35 EDT 2001


Hi,

Here is my setup....

3 machines on the same subnet.
  a.  runs snort
  b.  runs nessus  (10.220.17.96)
  c.  intended victim

Snort configuration:
  var HOME_NET [10.220.17.0/24,!10.220.17.96/32]
  var EXTERNAL_NET !$HOME_NET

Then a full nessus run was performed.

However, the only things logged were....

spp_portscan: portscan status
and
spp_http_decode: CGI Null Byte attack detected

I must be missing something....

Ed

----
Edward M. Greshko                  Technical Manager
                                   Syntegra Asia Region 




More information about the Snort-users mailing list