Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Need some help on Snort testing

    pfSense Packages
    2
    2
    1223
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jgaumtsac.edu last edited by

      I installed the Snort package, downloaded the rules, configured both WAN and LAN interfaces for Snort, and it seems working fine (service, snort interfaces are all up and green).  For testing purpose, I enable Snort_icmp-info.rules and all the rules inside the category.  The ping and nmap scan to the WAN and LAN interfaces do not generate any alert or block the attacker.  Any suggestion would be appreicated.

      Jim

      1 Reply Last reply Reply Quote 0
      • S
        sdb1031 last edited by

        I believe that many of those rules are designed to alert when icmp traffic sourced from EXTERNAL_NET destined for HOME_NET.  So in order for those rules to alert,  a successful ping has to occur that matches those conditions.

        When I was testing snort,  I was pinging from a lan interface to a lan interface.  Since neither was from a network associated with EXTERNAL_NET I would never see an alert.  In order to get an alert to fire, I modified both EXTERNAL_NET and HOME_NET variables in one of the icmp rules to read "Any".  This way, you don't have to be concerned with where your traffic originates from.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy