Snort mailing list archives
Using Variables other than $HOME_NET and $EXTERNAL_NET?
From: "Robinson, Eric R." <erobinson () dot state nv us>
Date: Fri, 22 Mar 2002 15:18:52 -0800
Our State agency is part of a the larger State of Nevada network (we are a
subnet on their 10.x network).
We want to monitor:
1. Intrusion attempts into our network from any outside source,
including the rest of the state.
2. Intrusion attempts from our network to any other part of the
state network.
But we do NOT want to monitor intrusion attempts from our network to
anywhere else, including the public Internet.
This means that we really need three tests against every packet, not just
two (i.e, not just $HOME_NET and $EXTERNAL_NET).
Can we create a third variable, $STATE_NET, for this purpose? Would this
effect performance very much? Does the order of appearance on snort.conf
matter?
--Eric
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Using Variables other than $HOME_NET and $EXTERNAL_NET? Robinson, Eric R. (Mar 22)