[Snort-users] Couple of questions.
Joel Esler (jesler)
jesler at ...589...
Mon Jun 9 18:27:52 EDT 2014
On Jun 9, 2014, at 6:19 PM, Allan <yummycheese at ...6696...<mailto:yummycheese at ...6696...>> wrote:
Snort newbie here.
I have a few questions.
When I run Snort on my wan interface it doesn't log most of the alerts. I'll scan my IP from a friends house using Nessus and all that really shows up is a port scan from his IP.
If I run Snort on my lan interface everything shows up from the Nessus scan which is good but the problem with that is I get 100's of alerts from my private IP's going out to the internet. I tried ignoring the alerts with a bpf file with !(src net 192.168.1.0/24) but that just seems to stop logging all alerts.
Snort is running on my Freebsd gateway firewall.
Why would running Snort on my wan interface only show port scans and a few other alerts.
Did you try this?
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users