RE: [Snort-users] How do we detect intrusions from an IP ?
This is a discussion on RE: [Snort-users] How do we detect intrusions from an IP ? within the Snort forums, part of the System Security and Security Related category; Put your internal range as the IP range of your internal network, fill in a= ll the variables as best ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-22-2004
|
|||
|
|||
RE: [Snort-users] How do we detect intrusions from an IP ?
Put your internal range as the IP range of your internal network, fill in a=
ll the variables as best as possible. I put external net as !HOME_NET (eve= rything but what is defined as home_net) and monitor with a front-end, ACID= , or Aanval. I am assuming you are wanting to check for the possibilities o= f outside intrusions. -----Original Message----- From: msalmanf@students.ee.itb.ac.id [mailto:msalmanf@students.ee.itb.ac.id= ]=20 Sent: Wednesday, July 21, 2004 9:02 PM To: snort-users@lists.sourceforge.net Subject: [Snort-users] How do we detect intrusions from an IP ? Hello all... I am a snort beginner, How do we know or detect intrusions from an IP connecting to local area net= work. For example if we have IP range 192.168.0.1 - 192.168.0.5 (I filled var HOM= E_NET any in /etc/snort/snort.conf) How do we check whether 192.168.0.3 ha= s some intrusions/alerts or not ? Thank you, Regards, Salman ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/ ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterpris= e J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_idG21&alloc_id=10040&op,ick _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=BEort-users Disclaimer: This electronic message, including any attachments, is confidential and int= ended solely for use of the intended recipient(s). This message may contain= information that is privileged or otherwise protected from disclosure by a= pplicable law. Any unauthorized disclosure, dissemination, use or reproduct= ion is strictly prohibited. If you have received this message in error, ple= ase delete it and notify the sender immediately.=20 ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
