[Snort-users] Snort vulnerability scan detection

Teo En Ming teo.en.ming at ...11827...
Mon Apr 14 11:37:26 EDT 2014


Dear Eric G,

My snort sensor is behind a NAT router with Stateful Packet Inspection
(SPI) firewall. My HOME_NET is 192.168.1.0/24. I usually run nmap and
nessus scans from the internal network against my PUBLIC IP address.

Regards,

Teo En Ming


On Mon, Apr 14, 2014 at 11:26 PM, Eric G <eric at ...15503...> wrote:

> On Apr 14, 2014 11:19 AM, "Teo En Ming" <teo.en.ming at ...11827...> wrote:
> >
> > Hi,
> >
> > I ran both nessus and nmap scans. Snort is unable to detect these scans.
> >
>
> Teo I believe you really need to stop assuming Snort is the problem...
> it's very, very likely configuration issues or some issue with the way
> you're feeding data to Snort that is the problem.
>
> Are you only feeding data to Snort on the inside of your network? Is there
> a firewall blocking traffic on the outside, and that's why Snort doesn't
> see the traffic?
>
> If you are feeding outside traffic to Snort, do you have HOME_NET defined
> correctly, meaning do you have your outside IP addresses included in
> HOME_NET?
>
> --
> Eric
> http://www.linkedin.com/in/ericgearhart
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140414/fc7eea3a/attachment.html>


More information about the Snort-users mailing list