[Snort-users] Help with config

peter at ...5403... peter at ...5403...
Sun Dec 28 10:38:02 EST 2003


My guess is that you're using a switch instead of a hub.  What's the
make/model?

Peter

Peter Schawacker, CISSP
43300 Warner Trail
Palm Desert, CA 92211
Office: 760-200-4258
Mobile: 760-880-4258
peter at ...5403...

----- Original Message ----- 
From: "Michael Thompson" <mike at ...10501...>
To: <snort-users at lists.sourceforge.net>
Sent: Sunday, December 28, 2003 12:19 AM
Subject: [Snort-users] Help with config


> Hi Snort-users,
>
>
>
>   I have had to resort to using a hub between the ADSL Modem and
>   router. So my network looks like this now:
>
>   Modem
>
>   Hub
>   (Snort Listening here)
>
>   Router / Firewall
>
>   Remainder of network
>
>   With this setup, snort seems unable to log anything at all. I have
>   been to several scanner sites and nothing is logged. What should I
>   set the HOME_NET variable to in this config? (Is it my global IP??) Is
there any other
>   settings I need to change? The interface snort is plugged into on
>   the machine is eth1, which is activated on bootup, and snort states
>   it is listening there in promiscuios mode. It does not have a IP
>   associated with it, the RedHat config tool states this interface is
>   inactive, but I assume that this is as far as Gnome is concerd, and
>   it is active as far as snort is concerd. Am I right?
>
>   I realise that there is no local IP's in this config, as snort is
>   listening before the NAT translation takes place, but at least I
>   will have some idea of what is hitting the firewall.
>
>
> -- 
>
> Best regards,
>  Michael (mike at ...10501...)
>
> This is only a test.
>
> http://www.thompsonmike.co.uk/
> PGP KeyID := 0xA9547E32
>
> 'To see a world in a grain of sand
> And heaven in a wild flower
> To hold infinity in the palm of your hand
> And eternity in an hour'
>
> Using TheBat! Version 2.02.3 CE
> Running On Windows XP (2600, Service Pack 1)
> Sent From OneAndOne
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list