[Snort-users] Snort vulnerability scan detection
wkitty42 at ...14940...
Mon Apr 14 19:37:50 EDT 2014
On 4/14/2014 2:57 PM, Teo En Ming wrote:
> Dear waldo kitty,
> Can you help me scan my network?
i'm sorry but i do not perform penetration testing without a contract...
however, there are sites on the 'net that you can go to that do offer scan
testing... i'm not sure what search terms to use to find them, though...
> Thank you.
you are welcome... at least for the little i can offer you right now ;)
> Teo En Ming
> On Tue, Apr 15, 2014 at 1:19 AM, waldo kitty <wkitty42 at ...14940...
> <mailto:wkitty42 at ...14940...>> wrote:
> On 4/14/2014 11:37 AM, Teo En Ming wrote:
> > Dear Eric G,
> > My snort sensor is behind a NAT router with Stateful Packet Inspection (SPI)
> > firewall. My HOME_NET is 192.168.1.0/24 <http://192.168.1.0/24>
> <http://192.168.1.0/24>. I usually run
> > nmap and nessus scans from the internal network against my PUBLIC IP address.
> that means that your scans are HOME_NET -> HOME_NET *IF* you have your external
> public address listed in your HOME_NET...
> if you do not have your public address in your HOME_NET then you are scanning
> HOME_NET -> EXTERNAL_NET...
> in both cases, if you are expecting EXTERNAL_NET -> HOME_NET rules to fire, you
> are misunderstanding how the rules work... you have to scan from a machine that
> is outside your HOME_NET...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
More information about the Snort-users