Snort mailing list archives
RE: More on home_net and external_net
From: Kris Quinby <kquinby () pdx medscapeinc com>
Date: Tue, 14 Aug 2001 10:26:47 -0700
I would also make sure your snort sensor is in a spot on the network to observe traffic that stays on your HOME_NET. Kris -----Original Message----- From: Erek Adams [mailto:erek () theadamsfamily net] Sent: Tuesday, August 14, 2001 8:25 AM To: Gisli Helgason Cc: snort-users () lists sourceforge net Subject: RE: [Snort-users] More on home_net and external_net On Tue, 14 Aug 2001, Gisli Helgason wrote:
Sorry bur I was not wery clear on what I wanted.
Hey, I hadn't had my coffee either!
I want to see attacks originating on external and home with a destination
of
home.
then: var $HOME_NET any
I do not want to see attacks originating in home and with a destination of external.
Ugh... To my limted knowledge, this isn't something you can do. Most of the rules use "$HOME_NET" to choose the rules. You can dig thru the rules and find all of the $HOME_NET -> $EXTERNAL_NET rules and comment them out. That's the only way I can think of at the moment. Anyone else got other methods?
I already have the configuration you gave me but I am missing all attacks from home to home.
It's not a simple one.... Good luck! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- More on home_net and external_net Gisli Helgason (Aug 14)
- Re: More on home_net and external_net Erek Adams (Aug 14)
- <Possible follow-ups>
- RE: More on home_net and external_net Gisli Helgason (Aug 14)
- RE: More on home_net and external_net Erek Adams (Aug 14)
- RE: More on home_net and external_net Kris Quinby (Aug 14)