[Snort-users] newbie configuration issues

Douglas douglas at ...6435...
Wed Jul 24 09:42:02 EDT 2002


What interface is snort listening on?
Try listening on the bridge0 (-i bridge0), or external interface.

Doug


> Hello All;
> 
> I recently installed Snort on an "IDS bridge" using OpenBSD.
> 
> The setup is a cable modem. The "IDS bridge" is between the cable modem and
> the NAT box (another OpenBSD box). The NAT box is dynamically assigned an
> IP address in the 68.48.xxx.xxx range by the cable company. The internal
> network is a 192.168.0.0/24 network.
> 
> The snort.conf file is just a default; nothing changed from the original.
> 
> The only alerts being logged are those going out from the network, and most
> of those are false alerts (send a 2k size e-mail, and Snort logs an alert
> as "Attempted Administrator Privilege Gain" coming from my ISP assigned IP
> address 68.48.xxx.xxx). No incoming alerts are being logged.
> 
> I know from previous experience that I should be getting script kiddies
> hitting me 50 times a day, yet no alerts are being generated.
> 
> What should I be looking at to get this "pig" to start squealing?
> 
> Paul Greene



