[Snort-users] newbie configuration issues
douglas at ...6435...
Wed Jul 24 09:42:02 EDT 2002
What interface is snort listening on?
Try listening on the bridge0 (-i bridge0), or external interface.
> Hello All;
> I recently installed Snort on an "IDS bridge" using OpenBSD.
> The setup is a cable modem. The "IDS bridge" is between the
> cable modem and
> the NAT box (another openbsd box). The NAT box is dynamically
> assigned an
> IP address in the 68.48.xxx.xxx range by the cable company.
> The internal
> network is a 192.168.0.0/24 network.
> The snort.conf file is just a default; nothing changed from
> the original.
> The only alerts being logged are those going out from the
> network, and most
> of those are false alerts (send a 2k size e-mail, and Snort
> logs an alert
> as "Attempted Administrator Priviledge Gain" coming from my
> ISP assigned IP
> address 68.48.xxx.xxx). No incoming alerts are being logged.
> I know from previous experience that I should be getting
> script kiddies
> hitting me 50 times a day, yet no alerts are being generated.
> What should I be looking at to get this "pig" to start squeeling?
> Paul Greene
More information about the Snort-users