[Snort-users] Couple of questions.

Allan yummycheese at ...6696...
Mon Jun 9 18:19:16 EDT 2014


Hello,

Snort newbie here.

I have a few questions. 

When I run Snort on my wan interface it doesn't log most of the alerts. I'll scan my IP from a friends house using Nessus and all that really shows up is a port scan from his IP.

If I run Snort on my lan interface everything shows up from the Nessus scan which is good but the problem with that is I get 100's of alerts from my private IP's going out to the internet. I tried ignoring the alerts with a bpf file with !(src net 192.168.1.0/24) but that just seems to stop logging all alerts. 

Snort is running on my Freebsd gateway firewall. 

Why would running Snort on my wan interface only show port scans and a few other alerts.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140609/1def08ec/attachment.html>


More information about the Snort-users mailing list