[Snort-users] Snort deadly quiet in the firewall.
mkettler at ...4108...
Mon Aug 12 10:49:03 EDT 2002
I see two possible problems offhand:
1) Are you sure the attack packets are even reaching the machine with
dynamic IP? some ISP's have firewalls upstream of their users so the
packets never reach the network. They may also do things like re-assembling
all fragmented packets at their network boundaries, prior to transporting
them to your network. This is saves them network wire bandwidth, at the
cost of extra router CPU usage (few ISP's are likely to do this, but I'd
not be surprised if some do).
2) are you sure that snort.conf's HOME_NET is being updated to match the
changes to the dynamic IP? (changing the one on the command line is not the
At 12:56 AM 8/13/2002 +0800, SW wrote:
>I install snort in a network with static public IP connected to the
>internet, it logged all scanned and frag packet.
>But when snort installed in anotehr network on a dynamic public IP
>address, it goes silent, but sometimes do log some packet. It failed to
>log Frag attack, and all sort of scans. The logged packet are those like
>I launched the same attack on both network, but the snort with static IP
>does log the packet, while the snort with dynamic IP doesn't log the packet.
>Does anyone know how to track down the problem? I am using OpenBSD 3.1
More information about the Snort-users