[Snort-users] newbie configuration issues

Paul Greene pauljgreene at ...5068...
Tue Jul 23 19:00:04 EDT 2002


Hello All;

I recently installed Snort on an "IDS bridge" using OpenBSD.

The setup is a cable modem. The "IDS bridge" is between the cable modem and 
the NAT box (another OpenBSD box). The NAT box is dynamically assigned an 
IP address in the 68.48.xxx.xxx range by the cable company. The internal 
network is a 192.168.0.0/24 network.

The snort.conf file is just a default; nothing changed from the original.

The only alerts being logged are those going out from the network, and most 
of those are false alerts (send a 2k size e-mail, and Snort logs an alert 
as "Attempted Administrator Privilege Gain" coming from my ISP-assigned IP 
address 68.48.xxx.xxx). No incoming alerts are being logged.

I know from previous experience that I should be getting script kiddies 
hitting me 50 times a day, yet no alerts are being generated.

What should I be looking at to get this "pig" to start squealing?

Paul Greene





