Snort mailing list archives
Using Variables other than $HOME_NET and $EXTERNAL_NET?
From: "Robinson, Eric R." <erobinson () dot state nv us>
Date: Fri, 22 Mar 2002 15:18:52 -0800
Our State agency is part of a the larger State of Nevada network (we are a subnet on their 10.x network). We want to monitor: 1. Intrusion attempts into our network from any outside source, including the rest of the state. 2. Intrusion attempts from our network to any other part of the state network. But we do NOT want to monitor intrusion attempts from our network to anywhere else, including the public Internet. This means that we really need three tests against every packet, not just two (i.e, not just $HOME_NET and $EXTERNAL_NET). Can we create a third variable, $STATE_NET, for this purpose? Would this effect performance very much? Does the order of appearance on snort.conf matter? --Eric _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Using Variables other than $HOME_NET and $EXTERNAL_NET? Robinson, Eric R. (Mar 22)