Snort mailing list archives
Re: Snort IGNORES var HOME_NET
From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 03 May 2002 11:50:52 -0400
Hmm, what is your EXTERNAL_NET specified as? by default it is set to any, so until you change that, you will get alerts for home - to - home attacks.
At 09:18 AM 5/3/2002 +0000, counterping () uk2 net wrote:
Hiya,I am fairly new to the world of Snort and hopefully someone maybe able to helpme out: (1.83 ver) I have set up several networks within the home_net variable under snort.conf var HOME_NET [64.6.189.0/24,172.16.10.0/24,10.10.60.10/24,10.10.30.0/16,192.168.10.0/24,192.1 68.20.0/24] However, SNORT seems to IGNORE these networks as my Home Networks and send alarms for HOME to HOME intrusions. For example, I am still seeing lots of alarms from my 172.16.10.0 home network to my 10.10.30.0 home network,If a particular rule specifies EXTERNAL_NET -> HOME_NET surely I should NOT getalerted when the packet is sent from my home network to another home network ? i.e 172.16.10.35 -----> 10.10.30.10 Any help would be greatly appreciated Martin ---------------------------------------------------------- This message was sent using http://uk2.net NEWS - CHEAPEST DEDICATED SERVERS IN THE WORLD - 25/month FREE UK DIAL 0845 609 1370 - username uk2: - password: uk2 UK's FREE Domains, FREE Dialup, FREE Webdesign, FREE email _______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________________________ Have big pipes? SourceForge.net is looking for download mirrors. We supply the hardware. You get the recognition. Email Us: bandwidth () sourceforge net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort IGNORES var HOME_NET counterping (May 03)
- Re: Snort IGNORES var HOME_NET Matt Kettler (May 03)
- Re: Snort IGNORES var HOME_NET Leonardo Alcantara Moreira (May 03)
- <Possible follow-ups>
- RE: Snort IGNORES var HOME_NET Ryan Hill (May 03)
- Re: Snort IGNORES var HOME_NET Vadim Pushkin (May 07)
- Re: Snort IGNORES var HOME_NET Erek Adams (May 07)
- Re: Snort IGNORES var HOME_NET Vadim Pushkin (May 08)
- Re: Snort IGNORES var HOME_NET Matt Kettler (May 08)
- Re: Snort IGNORES var HOME_NET Vadim Pushkin (May 08)