FW: [Snort-users] Sending Alert Via E-mail
jsage at ...2022...
Fri Nov 23 22:49:02 EST 2001
Fadzly Zainuddin wrote:
> Dear Friend,
> I'm connecting my Snort IDS machine together with my mail server in the same hub.
So the IDS and the mail server are two different boxes, connected
through the hub?
> I just wonder why my IDS could not detect anything when I scan my mail
> server port. When I scan the IDS machine port, my IDS is able to detect. I send a
> port scanning request from an external PC. Theoretically, when I scan my mail
> server, my IDS machine should receive the same thing because the hub will
> broadcast, right?
If I understand the topology, no.
I don't remember the details (the brands..), but it's been discussed
that a "hub" is often functionally a switch; in other words, no, some
hubs do not broadcast any packet received out all other ports.
Sorry I don't remember which brands/models are like this...
> Am I correct, or do I need to specify a special command?
> Currently my command is
> ./snort -dev -l ./log -h xxx.xxx.xxx.0/24 -c snort.conf
I don't think this has anything to do with it, unless you can verify
that the hub you're using *does* pass all packets received out all ports.
In that case it may have something to do with your home network
definition, and the way the rule sets you are using are affected by the
..but I'm betting it's the "hub".
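
One way to test the reply's guess about the "hub", as an added example that is not part of the original thread: capture on the sensor's interface while the mail server is being scanned, then count the frames addressed to other hosts' MACs. The function names are hypothetical, and the MAC addresses and both sample captures are constructed.

```python
import struct

def classify_frames(pcap: bytes, sensor_mac: str) -> dict:
    """Count Ethernet frames in a classic pcap file by destination MAC."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"                      # little-endian writer
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"                      # big-endian writer
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    own = bytes.fromhex(sensor_mac.replace(":", ""))
    counts = {"to_sensor": 0, "broadcast_multicast": 0, "foreign_unicast": 0}
    off = 24                              # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        dst = pcap[off + 16:off + 16 + incl_len][:6]
        off += 16 + incl_len
        if len(dst) < 6:
            continue                      # truncated record
        if dst == own:
            counts["to_sensor"] += 1
        elif dst[0] & 1:                  # group bit: broadcast or multicast
            counts["broadcast_multicast"] += 1
        else:                             # unicast to some other host
            counts["foreign_unicast"] += 1
    return counts

def sensor_sees_other_hosts(pcap: bytes, sensor_mac: str) -> bool:
    """False means the port only gets its own and broadcast traffic."""
    return classify_frames(pcap, sensor_mac)["foreign_unicast"] > 0

# Constructed sample data: locally administered MACs, minimal frames.
SENSOR, MAIL, SCANNER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"

def build_pcap(dst_macs):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for dst in dst_macs:
        frame = bytes.fromhex((dst + SCANNER).replace(":", "")) + b"\x08\x00" + bytes(46)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

REPEATING_HUB = build_pcap([SENSOR, MAIL, MAIL, "ff:ff:ff:ff:ff:ff"])
SWITCHING_HUB = build_pcap([SENSOR, "ff:ff:ff:ff:ff:ff"])

if __name__ == "__main__":
    for name, cap in (("repeating", REPEATING_HUB), ("switching", SWITCHING_HUB)):
        print(name, classify_frames(cap, SENSOR))
```

A `foreign_unicast` count of zero during the scan means the frames for the mail server never reach the sensor's port, so no Snort option or rule change will make them visible.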