[Snort-users] My Snort IDS Sensor Detected Nessus Vulnerability Scan
Teo En Ming
teo.en.ming at ...11827...
Sat Apr 19 06:38:42 EDT 2014
Dear Eric G,
I added my internet-facing IP address to HOME_NET but alerts did not
increase tremendously. Here is my newly modified HOME_NET variable:
ipvar HOME_NET [192.168.1.0/24,18.104.22.168]
Please note that my internet-facing IP address is dynamic. Every time it
changes, I would have to modify snort.conf accordingly.
Teo En Ming
On Sat, Apr 19, 2014 at 3:33 AM, Eric G <eric at ...15503...> wrote:
> On Apr 18, 2014 3:25 PM, "Teo En Ming" <teo.en.ming at ...11827...> wrote:
> > Hi,
> > My Snort IDS sensor detected nessus vulnerability scan. The nessus
> vulnerability scan was launched from WAN outside of HOME_NET. However, the
> alerts generated were few. It seems that Snort rules are not comprehensive
> Teo, once again, you don't have your HOME_NET defined as your external IP
> but you keep insisting that Snort isn't working right. Your config is
> broken, not Snort.
> If you want Snort to light up like a Christmas tree when you scan your
> box, tap your outside interface and define HOME_NET as your external IP
> http:// www.linkedin.com/in/ericgearhart
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users