[Snort-users] Snort vulnerability scan detection
Teo En Ming
teo.en.ming at ...11827...
Mon Apr 14 11:37:26 EDT 2014
Dear Eric G,
My snort sensor is behind a NAT router with Stateful Packet Inspection
(SPI) firewall. My HOME_NET is 192.168.1.0/24. I usually run nmap and
nessus scans from the internal network against my PUBLIC IP address.
Teo En Ming
On Mon, Apr 14, 2014 at 11:26 PM, Eric G <eric at ...15503...> wrote:
> On Apr 14, 2014 11:19 AM, "Teo En Ming" <teo.en.ming at ...11827...> wrote:
> > Hi,
> > I ran both nessus and nmap scans. Snort is unable to detect these scans.
> Teo I believe you really need to stop assuming Snort is the problem...
> it's very, very likely configuration issues or some issue with the way
> you're feeding data to Snort that is the problem.
> Are you only feeding data to Snort on the inside of your network? Is there
> a firewall blocking traffic on the outside, and that's why Snort doesn't
> see the traffic?
> If you are feeding outside traffic to Snort, do you have HOME_NET defined
> correctly, meaning do you have your outside IP addresses included in
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users