[Snort-users] Snort 2.9.04 not Alert on Inet interface

childrenofchaos at ...10061...
Mon Apr 4 12:00:34 EDT 2011


Hey,

Snort is running on Ubuntu. I wrote an easy rule which should alert if a packet hits a special IP on the ssh port.
From the localnet (10.12.0.0) it works perfectly.

But when I change the rule and the interface to ppp0 or eth1 (inet iface) and try it from an external server, the alert doesn't occur.
I saw that !no! alerts occur from the inet interface oO

$HOME_NET 10.12.0.0/24
$EXTERNAL_NET any ( or !$HOME_NET -> same...)

I don't know why Snort cannot "hear" on the inet iface.
All rules work fine from the localnet, but not from external.

I hope someone can point me the way.
thx




