[Snort-users] Alerts generated by hosts on which snort is runnung

Briggs, Bruce Bruce.Briggs at ...13183...
Wed Sep 14 17:24:26 EDT 2005

Are you sure that eth1/snort interface being checked is the WAN port??? 
Sound like maybe not.

Also, check out BASE instead of ACID.
ACID is no longer being improved, while BASE is a fork of ACID and is
being improved.


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Marcin
Sent: Wednesday, September 14, 2005 6:25 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Alerts generated by hosts on which snort is


  At the beginning little description of my situation. I have linux
  box with two interfaces. Eth0 - lan, eth1 - wan. I want snort to
  watch attack only from the WAN.

  I set up snort with definitions like below (in snort.conf):

  var HOME_NET 83.17.xxx.xxx/30    # (my public subnetwork: my ip, ip
  of DSL modem, network address and broadcast)
  var SMTP_SERVERS 83.17.xxx.xxx
  var HTTP_SERVERS 83.17.xxx.xxx
  (rest of the conf file is, i think, default, without any strange

  I start snort to listen on eth1.

  The problem is, that when i'm inspecting ACID i see my own server as
  a source of many "attacks", port scans, etc. Destinations of "these"
  attack are often normal www sites, which lan users visits every day.

  And this is my problem. How to set up these variables, so my snort
  will detect only real attacks? FROM internet to my server, NOT form
  my server to internet :)

Marcin, slacklist at ...9735...                         

SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server.
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list