From: McCammon, Keith (Keith.McCammon eadvancemed.com)
Date: Fri May 03 2002 - 10:32:50 CDT
Assuming that 1) your HOME_NET variable is set correctly, and 2) your sensor is properly placed on a monitoring port on your switch, then snort should detect nmap scans destined for any machine within the HOME_NET scope.
And you can start snort from the command line and see which include files are loading, as well as the total number of rules loaded at initialization.
Cheers
Keith
-----Original Message-----
From: Emanuele Salvador [mailto:lele profim.florida.it]
Sent: Friday, May 03, 2002 11:25 AM
To: snort-users lists.sourceforge.net
Subject: [Snort-users] As a newbie, two questions
I recently installed on a Linux box (Redhat 7.2) snort and acid, following
the instructions (kindly provided on
http://www.sfhn.net/whites/snort_acid-rpm.html) by Mr. Mark Johnson.
The installation went straightforward and everything seems to work. But...
1) snort seems to detect portscans from nmap only on the host where snort
runs. Is this a normal behaviour? It is not clear for me if snort should
detect portscans on all the net (or if it should not detect portscans at
all).
2) I've not been able to verify if my snort.conf loads correctly. Is there
a way to see what rules are loaded?
Thanks to all,
Emanuele Salvador
"The stars are matter, we're matter. But it doesn't matter."
- Don Van Vliet -
_______________________________________________________________
Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth
sourceforge.net
_______________________________________________
Snort-users mailing list
Snort-users
lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
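An offline companion to the two checks discussed in this thread, added here as an example and not posted by either participant: it reads a snort.conf, reports HOME_NET and the network the portscan preprocessor watches, and counts the active rules in each included file. The function names, the handling of relative paths (resolved against the directory holding snort.conf) and the sample configuration and rules are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes classic snort.conf syntax:
# "var NAME value" and "include <file>"; relative paths are resolved against
# the directory holding snort.conf (an assumption of this script).

conf_var() {        # conf_var <conf> <NAME>: print the value of a var line
    awk -v n="$2" '$1 == "var" && $2 == n { print $3; exit }' "$1"
}
resolve_include() { # resolve_include <conf> <path>: expand $RULE_PATH
    rp=$(conf_var "$1" RULE_PATH)
    case "$2" in '$RULE_PATH'/*) p="${rp:-.}/${2#*/}" ;; *) p=$2 ;; esac
    case "$p" in /*) echo "$p" ;; *) echo "$(dirname "$1")/$p" ;; esac
}
count_rules() {     # count_rules <file>: active (uncommented) rule lines
    awk '$1 ~ /^(alert|log|pass|activate|dynamic)$/ { n++ } END { print n + 0 }' "$1"
}
summarize_conf() {  # summarize_conf <conf>: HOME_NET, includes, rule totals
    conf=$1; total=0
    echo "HOME_NET = $(conf_var "$conf" HOME_NET)"
    awk '$1 == "preprocessor" && $2 == "portscan:" { print "portscan watches " $3 }' "$conf"
    for inc in $(awk '$1 == "include" { print $2 }' "$conf"); do
        f=$(resolve_include "$conf" "$inc")
        if [ -r "$f" ]; then
            n=$(count_rules "$f"); total=$((total + n))
            echo "  $inc: $n rules"
        else
            echo "  $inc: MISSING ($f)"
        fi
    done
    echo "total rules: $total"
}

# Constructed sample configuration and rules, for demonstration only.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT; mkdir "$demo/rules"
cat > "$demo/snort.conf" <<'EOF'
var HOME_NET 192.168.1.0/24
var RULE_PATH rules
preprocessor portscan: $HOME_NET 4 3 portscan.log
include $RULE_PATH/scan.rules
include local.rules
include missing.rules
EOF
cat > "$demo/rules/scan.rules" <<'EOF'
alert tcp any any -> $HOME_NET any (msg:"constructed FIN scan"; flags:F; sid:1000001;)
# alert tcp any any -> $HOME_NET any (msg:"disabled"; flags:0; sid:1000002;)
alert tcp any any -> $HOME_NET any (msg:"constructed XMAS scan"; flags:FPU; sid:1000003;)
EOF
echo 'log icmp any any -> $HOME_NET any (msg:"constructed ping"; sid:1000004;)' > "$demo/local.rules"
summarize_conf "$demo/snort.conf"
```

A missing include or a rule count of zero for a file that should hold scan signatures is worth resolving before concluding that the sensor cannot see scans against other hosts.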