No subject


Thu Nov 23 16:36:19 EST 2017


successfully as it manages to
see all traffic between the firewall and the
ADSL_Modem. ( the traffic snort
picks up seems to be masq having only src and
dest addresses of eth0 of the
firewall and the IP of the ADSL_modem ).

The problem:
Snort doesn't log or alert to any attacks or
portscans coming in from the
internet. (nmap using different options and the
site Shields up which port
scans your IP and displays results).
I checked to see if the actual installation
works by connecting a machine to
Hub1 and running a portscan - snort picked it up
successfully. When a portscan is run from the
internet on the firewall
public IP (ppp0) - snort doesn't pick it up.


I have tried different combination HOME_NET and
EXTERNEL_NET settings but
any ideas are welcome - I might have overlooked
an option.

btw - I managed to get Snort to log ARP
requests between the ADSL_MODEM and eth0 on the
Firewall by using 10.200.1.1/32 as my HOME_NET
- I dont know if thats right but atleast its
logging something....

If any other information is needed to find a
solution to the problem, please
say so and I will post it ASAP.

Any Suggestions would be very much appreciated.
Thanks alot.

Regards,











-- 

_______________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup







More information about the Snort-users mailing list