[Snort-users] Help! I ran Nessus Vulnerability Scanner against my Public IP and No Alerts showed up on my Snort IDS box!

James Lay jlay at ...13475...
Mon Apr 7 17:05:43 EDT 2014


On 2014-04-07 15:04, Teo En Ming wrote:
> Dear James,
>
> I have already added the following rule to icmp.rules some time ago:
>
> alert icmp any any -> any any (msg:"ICMP Packet", sid:477; rev:3;)
>
> The rule DID fire when I visited grc.com [7] to port scan my public 
> IP
> address.
>
> Use Gibson Research Corporations ShieldsUP! to port scan your public
> IP address.
>
>  https://www.grc.com/x/ne.dll?bh0bkyd2 [8]
>
> Regards,
>
> Teo En Ming

Excellent...then your IDS is functional :)

James




More information about the Snort-users mailing list