Snort mailing list archives
Re: Configuration issue
From: Brian <bmc () snort org>
Date: Sun, 23 Sep 2001 13:51:15 -0400
Let me just make this one comment... According to DJDave Sobel:
var HOME_NET [209.190.196.160/28,209.190.206.65/32,209.190.206.66/32,209.190.206.64/32,10.1.0.0/24,10.2.0.0/24]
var EXTERNAL_NET !$HOME_NET
var SMTP $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
#var DNS_SERVERS [209.190.196.163/32,209.190.196.174/32]
var DNS_SERVERS $HOME_NET
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS
You set DNS_SERVERS to HOME_NET and then ignore HOME_NET in your portscan-ignorehosts. Why bother running the portscan preprocessor if you are not going to watch for portscans?

-brian
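The overlap pointed out in the reply above can be checked mechanically. The following is an added example, not part of the original message and not Snort code: it resolves the `var` lines of a snort.conf and reports when the portscan-ignorehosts list covers every network given to the portscan preprocessor. The function names are hypothetical, the sample text is constructed from the directives quoted in the message, and `!` negation is assumed not to appear in the two preprocessor lines.

```python
import ipaddress
import re

# Constructed sample: the relevant directives quoted in the message above.
SAMPLE_CONF = """\
var HOME_NET [209.190.196.160/28,209.190.206.65/32,209.190.206.66/32,209.190.206.64/32,10.1.0.0/24,10.2.0.0/24]
var EXTERNAL_NET !$HOME_NET
#var DNS_SERVERS [209.190.196.163/32,209.190.196.174/32]
var DNS_SERVERS $HOME_NET
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS
"""

def parse(conf):
    """Return (variables, preprocessor arguments), skipping comments."""
    variables, preprocs = {}, {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if m := re.match(r"var\s+(\S+)\s+(.+)", line):
            variables[m.group(1)] = m.group(2).strip()  # later definitions win
        elif m := re.match(r"preprocessor\s+([\w-]+):\s*(.+)", line):
            preprocs[m.group(1)] = m.group(2).split()
    return variables, preprocs

def networks(token, variables):
    """Expand a $VAR or [a,b,...] token into ip_network objects."""
    while token.startswith("$"):
        token = variables[token[1:]]
    return [ipaddress.ip_network(n.strip(), strict=False)
            for n in token.strip("[]").split(",")]

def ignore_covers_watched(conf):
    """True when every watched network lies inside the ignore list."""
    variables, preprocs = parse(conf)
    if "portscan" not in preprocs or "portscan-ignorehosts" not in preprocs:
        return False
    # First portscan argument is the monitored network; the rest are thresholds and log file.
    watched = networks(preprocs["portscan"][0], variables)
    ignored = [n for tok in preprocs["portscan-ignorehosts"]
               for n in networks(tok, variables)]
    return all(any(w.subnet_of(i) for i in ignored) for w in watched)

if __name__ == "__main__":
    print("ignore list covers watched network:", ignore_covers_watched(SAMPLE_CONF))
```

With the commented-out DNS_SERVERS line restored in place of `var DNS_SERVERS $HOME_NET`, the same check returns False.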