[Snort-users] New Install

Infinity inf8nity at ...131...
Wed Jun 19 15:05:02 EDT 2002


Hello list:


A new install of Snort Version 1.8.7b119 - Windows
Release on Win2k Server.  No modifications of
snort.conf. Run from command line as follows:

> snort -dev -c snort.conf

*Side Note:  I had the same snort -W problem as
several other posters. I traced it to my Cisco VPN
Client, which I had to uninstall. After I uninstalled the
VPN client - No Problem.  The VPN client had no effect
on Sniffer Pro, or ethereal.  I had a similar problem
on a machine that was using PGP*


My question:

I see all traffic on screen when I scan the snort
sensor.  But no alerts are logged.  Using LANGuard
Network Scanner to scan the SNORT sensor, it only
catches four X.11 events.  It does not catch the
NetBios enumerations, port scans, etc.  It doesn't even
trigger when I run a ping -t against it.  According to
the ICMP rules, shouldn't that at least trigger an
alert?

Shouldn't this vanilla install trigger like Mad?  With
HOME_NET any and EXTERNAL_NET any??

I see the traffic scrolling up my screen, so the
interface is catching the packets. I Ctrl-C the session
and the summary shows 4 alerts (ALL X.11 alerts)  And
the traffic in the alert log file  is shown as having
originated from the snort machine -> scanning machine.

HELP!!!  I'm a first time user, I've read through all
the docs, and I thought my snort install should be
going nuts when I scan it.

:(

TIA.
