[Snort-users] Couple of questions.

Allan yummycheese at ...6696...
Mon Jun 9 18:19:16 EDT 2014


Snort newbie here.

I have a few questions. 

When I run Snort on my WAN interface it doesn't log most of the alerts. I'll scan my IP from a friend's house using Nessus and all that really shows up is a port scan from his IP.

If I run Snort on my LAN interface everything shows up from the Nessus scan, which is good, but the problem with that is I get 100s of alerts from my private IPs going out to the internet. I tried ignoring the alerts with a BPF file with !(src net but that just seems to stop logging all alerts.

Snort is running on my FreeBSD gateway firewall.

Why would running Snort on my WAN interface only show port scans and a few other alerts?