[Snort-users] Couple of questions.
yummycheese at ...6696...
Mon Jun 9 18:19:16 EDT 2014
Snort newbie here.
I have a few questions.
When I run Snort on my wan interface it doesn't log most of the alerts. I'll scan my IP from a friends house using Nessus and all that really shows up is a port scan from his IP.
If I run Snort on my lan interface everything shows up from the Nessus scan which is good but the problem with that is I get 100's of alerts from my private IP's going out to the internet. I tried ignoring the alerts with a bpf file with !(src net 192.168.1.0/24) but that just seems to stop logging all alerts.
Snort is running on my Freebsd gateway firewall.
Why would running Snort on my wan interface only show port scans and a few other alerts.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users