[Snort-users] newbie configuration issues
pauljgreene at ...5068...
Tue Jul 23 19:00:04 EDT 2002

I recently installed Snort on an "IDS bridge" using OpenBSD.

The setup is a cable modem. The "IDS bridge" is between the cable modem and
the NAT box (another OpenBSD box). The NAT box is dynamically assigned an
IP address in the 68.48.xxx.xxx range by the cable company. The internal
network is a 192.168.0.0/24 network.

The snort.conf file is just a default; nothing changed from the original.

The only alerts being logged are those going out from the network, and most
of those are false alerts (send a 2k size e-mail, and Snort logs an alert
as "Attempted Administrator Privilege Gain" coming from my ISP-assigned IP
address 68.48.xxx.xxx). No incoming alerts are being logged.

I know from previous experience that I should be getting script kiddies
hitting me 50 times a day, yet no alerts are being generated.

What should I be looking at to get this "pig" to start squealing?