Snort mailing list archives
Re: snort.conf & commandline.
From: "Francesca Milanini" <fra.mila () tiscalinet it>
Date: Wed, 10 Jul 2002 21:40:27 +0200
Sure...don't worry...no confusion...
I was testing exactly that situation (I want to detect ONLY my "home-net traffic")...then:

---
var HOME_NET 10.x.x.x/y     # with y = real CIDR of my home-net and 10.x.x.x. = IP address of my home-net
var EXTERNAL_NET $HOME_NET
---

It's the first time I use Snort and my work is to detect ONLY my home_net traffic, so, it's "strange" but "necessary" to set EXTERNAL_NET equal to HOME_NET.
Is it right? Have you used Snort only for your home-net traffic?
I think I can disable other variables about SMTP server, DNS server,...

Do you know where I can find recent snort.rules?
Do you know if I can use "snort-1.8.7." with Debian Woody (testing)?

Thanks,
Fra.

----- Original Message -----
From: "Don" <Don () WeberOnTheWeb com>
To: "Sander Smeenk" <ssmeenk () freshdot net>; "Francesca Milanini" <francesca.milanini () fastwebnet it>
Cc: "Rich Adamson" <radamson () routers com>; <snort-users () lists sourceforge net>
Sent: Wednesday, July 10, 2002 9:09 PM
Subject: RE: [Snort-users] snort.conf & commandline.

there seems to be some confusion here, i am anyway,
the following variables, will set External_net == equal to Home_net

var EXTERNAL_NET = $HOME_NET doesn't work (I tried it yesterday)
var EXTERNAL_NET $HOME_NET is ok (I tried it now)

you don't want that!!
the following will set External_Net to anything BUT home_net

var EXTERNAL_NET !$HOME_NET

this is what you want, unless you are only wanting to detect your home_net traffic,
and of course you need to make sure home_net is not set to "any"

so your home_net variable should be set to your IP like so

var Home_Net 192.168.0.0/24

or whatever your ip address/range is

var Home_Net [192.168.0.25/32,192.168.0.30/32]

etc...

Quoting Francesca Milanini (francesca.milanini () fastwebnet it):
var EXTERNAL_NET = $HOME_NET doesn't work (I tried it yesterday)
var EXTERNAL_NET $HOME_NET is ok (I tried it now)
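
Added example, not part of the original thread: a small Python check for the snort.conf `var` cases discussed in the message above (the `=` form, EXTERNAL_NET set equal to HOME_NET, and HOME_NET set to "any"). The function name, the finding labels and the sample configurations are assumptions constructed for this illustration.

```python
import re

VAR_RE = re.compile(r"^var\s+(\w+)\s+(.*)$")

def lint_snort_vars(conf_text):
    """Return (resolved variables, findings) for the 'var' lines of a snort.conf."""
    variables, findings = {}, []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = VAR_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if value.startswith("="):
            # 'var NAME = value' is the form reported as not working in the thread
            findings.append((lineno, "equals-sign", name))
            continue
        # Expand $NAME references to variables defined earlier; a leading '!' is kept
        variables[name] = re.sub(
            r"\$(\w+)", lambda r: variables.get(r.group(1), r.group(0)), value)

    home, ext = variables.get("HOME_NET"), variables.get("EXTERNAL_NET")
    if home == "any":
        # Thread advice: HOME_NET must not be "any" when EXTERNAL_NET is !$HOME_NET
        findings.append((0, "home-net-any", "HOME_NET"))
    if home is not None and ext == home and home != "any":
        # Intended only when the goal is to watch home-net to home-net traffic
        findings.append((0, "external-equals-home", "EXTERNAL_NET"))
    return variables, findings

# Constructed sample configurations (not taken from a real deployment)
USUAL = "var HOME_NET 192.168.0.0/24\nvar EXTERNAL_NET !$HOME_NET\n"
INTERNAL_ONLY = ("var HOME_NET [192.168.0.25/32,192.168.0.30/32]  # two hosts\n"
                 "var EXTERNAL_NET $HOME_NET\n")
BROKEN = "var HOME_NET any\nvar EXTERNAL_NET = $HOME_NET\n"

if __name__ == "__main__":
    for label, conf in [("usual", USUAL), ("internal-only", INTERNAL_ONLY),
                        ("broken", BROKEN)]:
        print(label, *lint_snort_vars(conf))
```

A finding with line number 0 applies to the resolved configuration as a whole rather than to one line.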