[Snort-users] ADSL with Border IDS config problem

Erek Adams erek at ...577...
Thu Feb 28 03:35:03 EST 2002


On Thu, 28 Feb 2002, Mysq  wrote:


[...snip...]

> The problem:
> Snort doesn't log or alert to any attacks or
> portscans coming in from the
> internet. (nmap using different options and the
> site Shields up which port
> scans your IP and displays results).
> I checked to see if the actual installation
> works by connecting a machine to
> Hub1 and running a portscan - snort picked it up
> successfully. When a portscan is run from the
> internet on the firewall
> public IP (ppp0) - snort doesn't pick it up.

[...snip...]

To just take a guess, I'd bet it was a auto-sensing hub.  With that in mind,
I'd also think that http://www.snort.org/docs/faq.html#6.21 is the key to your
problem.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list