Snort mailing list archives
RE: EXTERNAL_NET
From: "Ashley Thomas" <athomas () cc gatech edu>
Date: Sun, 23 Jun 2002 03:36:22 -0400
I was using var HOME_NET [A.B.0.0/16] var EXTERNAL_NET any Then i was also logging some alerts which had A.B.x.y - > A.B.z.w So i changed to var EXTERNAL_NET !HOME_NET But now i dont see any alerts !! Although there were some scans which were detected by another IDS. Is there some problem still with the above statement ? thanks -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Phil Wood Sent: Sunday, June 23, 2002 2:11 AM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] EXTERNAL_NET On Sun, Jun 23, 2002 at 01:32:40AM -0400, Ashley Thomas wrote:
Is it correct to say var EXTERNAL_NET !A.B.0.0/8 if i need to consider every ip except A.B.0.0 range as external ?
var HOME_NET [A.B.0.0/16]* var EXTERNAL_NET !HOME_NET The brackets allow for some more nets like: var HOME_NET [A.B.0.0/16,192.168.1.0/24]
thanks ashley ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Phil Wood, cpw () lanl gov ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- Sponsored by: ThinkGeek at http://www.ThinkGeek.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- EXTERNAL_NET Ashley Thomas (Jun 22)
- Re: EXTERNAL_NET Phil Wood (Jun 22)
- RE: EXTERNAL_NET Don (Jun 23)
- RE: EXTERNAL_NET Ashley Thomas (Jun 23)
- Re: EXTERNAL_NET Phil Wood (Jun 23)
- Re: EXTERNAL_NET Phil Wood (Jun 22)