[Snort-users] Snort vulnerability scan detection

waldo kitty wkitty42 at ...14940...
Mon Apr 14 19:37:50 EDT 2014


On 4/14/2014 2:57 PM, Teo En Ming wrote:
> Dear waldo kitty,
>
> Can you help me scan my network?

i'm sorry but i do not perform penetration testing without a contract... 
however, there are sites on the 'net that you can go to that do offer scan 
testing... i'm not sure what search terms to use to find them, though...

> Thank you.

you are welcome... at least for the little i can offer you right now ;)

> Teo En Ming
>
>
> On Tue, Apr 15, 2014 at 1:19 AM, waldo kitty <wkitty42 at ...14940...
> <mailto:wkitty42 at ...14940...>> wrote:
>
>     On 4/14/2014 11:37 AM, Teo En Ming wrote:
>      > Dear Eric G,
>      >
>      > My snort sensor is behind a NAT router with Stateful Packet Inspection (SPI)
>      > firewall. My HOME_NET is 192.168.1.0/24 <http://192.168.1.0/24>
>     <http://192.168.1.0/24>. I usually run
>      > nmap and nessus scans from the internal network against my PUBLIC IP address.
>
>     that means that your scans are HOME_NET -> HOME_NET *IF* you have your external
>     public address listed in your HOME_NET...
>
>     if you do not have your public address in your HOME_NET then you are scanning
>     HOME_NET -> EXTERNAL_NET...
>
>     in both cases, if you are expecting EXTERNAL_NET -> HOME_NET rules to fire, you
>     are misunderstanding how the rules work... you have to scan from a machine that
>     is outside your HOME_NET...



-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list