[Snort-users] My Snort IDS Sensor Detected Nessus Vulnerability Scan

Teo En Ming teo.en.ming at ...11827...
Sat Apr 19 06:38:42 EDT 2014


Dear Eric G,

I added my internet-facing IP address to HOME_NET but alerts did not
increase tremendously. Here is my newly modified HOME_NET variable:

ipvar HOME_NET [192.168.1.0/24,175.156.117.62]

Please note that my internet-facing IP address is dynamic. Every time it
changes, I would have to modify snort.conf accordingly.

Thank you.

Regards,

Teo En Ming



On Sat, Apr 19, 2014 at 3:33 AM, Eric G <eric at ...15503...> wrote:

> On Apr 18, 2014 3:25 PM, "Teo En Ming" <teo.en.ming at ...11827...> wrote:
> >
> > Hi,
> >
> > My Snort IDS sensor detected nessus vulnerability scan. The nessus
> vulnerability scan was launched from WAN outside of HOME_NET. However, the
> alerts generated were few. It seems that Snort rules are not comprehensive
> enough.
> >
>
> Teo, once again, you don't have your HOME_NET defined as your external IP
> but you keep insisting that Snort isn't working right. Your config is
> broken, not Snort.
>
> If you want Snort to light up like a Christmas tree when you scan your
> box, tap your outside interface and define HOME_NET as your external IP
> address.
>
> --
> Eric
> http:// www.linkedin.com/in/ericgearhart
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140419/c4de836d/attachment.html>


More information about the Snort-users mailing list