[Snort-users] Guardian with Snort - Help

Imran Ahmad ira at ...9134...
Fri May 9 05:58:22 EDT 2003


I am new to Snort and to this list.
I have setup Snort successfully and now trying to setup "Guardian". Couldn't
find and list for Guardian..
I am running FreeBSD based firewall with three interfaces (Internal,
External and DMZ).
My External and DMZ are on the same C class which has been subneted. Now in
my Guardian.ignore file, I have defined my external C class. 
Snort is producing Attack Alerts and Guardian is detecting it. But instead
of block the attack it's producing the following log message
Odd.. source = Attacker's IP, dest = (My Class Address) - No action done.   

Any help will be appreciated.


Imran Ahmad				         
IT Manager
Burdett Buckeridge Young Limited
A participating organisation of the Australian Stock Exchange

Level 17, 60 Margaret St
Sydney NSW 2000
Direct: +61 2 9226 0059
Fax:    +61 2 9226 0066		

Email:   ira at ...9134...
Website: www.bby.com.au

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030509/85a464e9/attachment.html>

More information about the Snort-users mailing list