Thu Nov 23 16:36:19 EST 2017
successfully as it manages to
see all traffic between the firewall and the
ADSL_Modem. ( the traffic snort
picks up seems to be masq having only src and
dest addresses of eth0 of the
firewall and the IP of the ADSL_modem ).
Snort doesn't log or alert to any attacks or
portscans coming in from the
internet. (nmap using different options and the
site Shields up which port
scans your IP and displays results).
I checked to see if the actual installation
works by connecting a machine to
Hub1 and running a portscan - snort picked it up
successfully. When a portscan is run from the
internet on the firewall
public IP (ppp0) - snort doesn't pick it up.
I have tried different combination HOME_NET and
EXTERNEL_NET settings but
any ideas are welcome - I might have overlooked
btw - I managed to get Snort to log ARP
requests between the ADSL_MODEM and eth0 on the
Firewall by using 10.200.1.1/32 as my HOME_NET
- I dont know if thats right but atleast its
If any other information is needed to find a
solution to the problem, please
say so and I will post it ASAP.
Any Suggestions would be very much appreciated.
Sign-up for your own FREE Personalized E-mail at Mail.com
More information about the Snort-users