|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Erek Adams (erek
theadamsfamily.net)Date: Thu Nov 01 2001 - 14:13:06 CST
On Thu, 1 Nov 2001, snortlst snortlst wrote:
> My first sensor runs outside firewall and it displays a lot of alerts.
> The second sensor is placed inside my network and monitors firewall aln nic.
> It displays very few alerts (in fact only alerts from our external dns
> servers are displayed as a port scans)
> Is that normal? I mean is that normal that I almost don't see alerts inside
> my lan?
[Also see next message...]
Yes, IMHO, that's normal as normal gets. Consider what a firewall does:
Allow or Deny or Drop packets based on rules you define. If you don't let the
packets through the firewall, then your interior sensor won't see them.
DNS servers and portscans is listed in the FAQ.
http://www.snort.org/docs/faq.html#6.18
-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]