[Snort-users] Snort & Snot
ronneilc at ...4042...
Tue Jan 22 09:09:06 EST 2002
-> -----Original Message-----
-> From: bluz [mailto:bluz at ...4636...]
-> Sent: Tuesday, January 22, 2002 10:43 AM
-> To: snort-users at lists.sourceforge.net
-> Subject: [Snort-users] Snort & Snot
-> I'm sorry if this question has come up before, but I'm new
-> to the list
-> and couldn't find any mention of this in the archives....
-> I've been running SNORT 1.83 for a while and it seems to be working
-> fine. I just installed SNOT 0.92a and have run multiple RULE files
-> against SNORT...
-> The problem is, only a small percentage of SNOT generated attacks is
-> reported by SNORT on the attacked system. I'm not sure if
-> the problem
-> is SNORT or SNOT.
First question is, is your sensor connected to a switch?
Second is, if so, is the port where you sensor is connected configured as a monitoring port?
Third is, your $home_net. Check it out.
Fourth is, you might be using -z est param.
Hope this helps...
More information about the Snort-users