Snort mailing list archives

Re: snort probs


From: Erek Adams <erek () snort org>
Date: Sat, 11 Jan 2003 21:09:59 -0500 (EST)

On Sat, 11 Jan 2003, don wrote:

I have snort compiled on my linux box. Snort 1.8.4 and I am unable to
get the traffic washed through the
rulesets that I have ie: netbios-rules and such. I am sure what I am
doing is obvious however I cannot
finger it out. Any help appreciated.

Don't waste your time with 1.8.4.  Move up to the current version (1.9.x)
as there were quite a few bugs and features added between those versions.

Other than that, I'd guess that EXTERNAL_NET and/or HOME_NET are set
incorrectly.  Set HOME_NET to the IP range you want to watch/protect.
Then set EXTERNAL_NET to !$HOME_NET.

And as for 'washing'...  Snort doesn't do that.  Hogwash or the
snort-inline patch (for 1.9.x) would though.

Cheers!

-----
Erek Adams

   "When things get weird the wierd turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


Current thread: