[Snort-users] seeing whol subnet

David Bear David.Bear at ...1022...
Wed Dec 18 08:30:08 EST 2002


I would like snort to 'see'/'report' on hosts in the whole subnet.  I have set my HOME_NET vary to any, and well as trying vx0_ADDRESS and different combinations of the ip/add/subnet (in CIDR block notation).  When snort does alert, it only alerts on attacks directed to the host it is running on, ie it does not alert on when any other host is attacked.  I am runing on freebsd 4.6.2.  While I don't control the wiring and network switches I am reasonaly certain this is a standard 10/mbt shared ethernet port -- so all hosts should be visible.

Are there any other config parameters that I am just missing? (I have enabled ALL rules to alert -- even the icmp rule that seem to generate a lot of alert -- still all quiet.  I'm not quite ready to believe that my subnet is this quiet...

--

David Bear
College of Public Programs/ASU
Mail Code 0803




More information about the Snort-users mailing list