Get a copy of NMAP and start scanning devices on your network to see if the Snort box catches it. If not, you'll need to go over your config settings with a fine-tooth comb. You'll usually find that a type in the network address or something is easy to do.
The DNS variable is for you to put in the address(es) of you DNS machine(s). Thie will cause Snort to ignore certain DNS rules that would otherwise cause false alarms. Snort rule updates can be found at snort.org in the downloads section. On Sunday 22 September 2002 10:21 pm, Vandenbore Sebastiaan wrote: > On Friday 20 September 2002 20:25, you wrote: > > Ok, i've done that, and now the output is gone, I mean all output. Nothing > is being logged by snort anymore, or nothing special has happend these last > days. > > What about the DNS variabele ? What should be put there ? > Where can I find updates of the snort rules ? > > I've combined Snort with Bastille Firewall, Hostsentry, Portsentry and > Logcheck ( To get a mail notification every day ). Have you got any ideas > to secure the machine even more ? Is it a good combination ?
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
