[Snort-users] Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box!
jlay at ...13475...
Mon Apr 7 16:52:47 EDT 2014
On 2014-04-07 13:19, Teo En Ming wrote:
> Question 3: The Nessus vulnerability scanner reported numerous
> vulnerabilities. Why are there no alerts in my Snort IDS box at all?
Most folks install snort, then start scanning from their own network.
If you have:
ipvar HOME_NET 192.168.0.0/24
and your scanning machine is 192.168.0.1 and the machine you're
scanning is 192.168.0.2, don't expect to see anything. As a quick test
for IDS functionality do the below:
Verify you see local.rules in your snort.conf
alert icmp any any -> any any (msg:"Ping test"; sid:10000054;)
to your local.rules
Stop snort, start snort. Now ping something. I use this rule a lot
after upgrading to verify functionality (that is if my users haven't
already inadvertently "helped" me).
More information about the Snort-users