[Snort-users] Snort vulnerability scan detection

Eric G eric at ...15503...
Mon Apr 14 11:26:07 EDT 2014


On Apr 14, 2014 11:19 AM, "Teo En Ming" <teo.en.ming at ...11827...> wrote:
>
> Hi,
>
> I ran both nessus and nmap scans. Snort is unable to detect these scans.
>

Teo I believe you really need to stop assuming Snort is the problem... it's
very, very likely configuration issues or some issue with the way you're
feeding data to Snort that is the problem.

Are you only feeding data to Snort on the inside of your network? Is there
a firewall blocking traffic on the outside, and that's why Snort doesn't
see the traffic?

If you are feeding outside traffic to Snort, do you have HOME_NET defined
correctly, meaning do you have your outside IP addresses included in
HOME_NET?

--
Eric
http://www.linkedin.com/in/ericgearhart
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140414/10f1a7d4/attachment.html>


More information about the Snort-users mailing list