Home page logo
/

snort logo Snort mailing list archives

Re: Home_Net, External_Net issue
From: Josh Bitto <jbitto () onlineschool ca>
Date: Tue, 21 May 2013 15:21:11 -0700


where did your snort.conf file come from? is it one that was included within the mod you applied to your pfsense 
installation??

Yes it was included in the mod or package as the guys at pfsense call it.


I found a solution to my problem....Within pfsense I have to create an alias that list all of my local subnets...then 
create a whitelist within snort and use that alias name. Then use that whitelist for each interface. Sounds like a lot 
but it's not. Apparently there is supposed to be a fix with a new version release of this package.




*From:*Joel Esler [mailto:jesler () sourcefire com]
*Sent:* Tuesday, May 21, 2013 12:47 PM
*To:* Josh Bitto
*Cc:* snort-users () lists sourceforge net
*Subject:* Re: [Snort-users] Home_Net, External_Net issue

On May 21, 2013, at 1:58 PM, Josh Bitto <jbitto () onlineschool ca 
<mailto:jbitto () onlineschool ca>> wrote:



I’m wondering if this is a config issue or traffic setup issue. 
Currently my internal network the ONLY thing that ever shows up is 
portscans. I can’t get anything else to be looked at. Is this due to a 
Home_net and External_net being setup wrong? My understanding is if I 
list Home_net to “any” then snort should monitor that traffic.

Is the traffic that you /are/ alerting on only UDP or TCP too?



--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring 
service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few 
lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]