Snort mailing list archives

HOME_NET question


From: sart () trialgraphix com
Date: Thu, 3 Jun 2004 14:53:09 -0400

I have only one IDS and it is on the DMZ.
For the HOME_NET var, do I just put in the subnet of the DMZ, or do I put in
my VLAN subnets also?
Right now I have the DMZ and my 2 VLAN subnets in var HOME_NET and I was
just wondering if that is correct.

Lastly, after running Snort on the default rule set with 2.1.2 for a
couple of weeks, I finally used oinkmaster to get and use the latest stable
rules. Now in the past 3 hours I have only gotten 3 alerts besides my
self tests, and they are all the robot.txt alert from the search engines.
Is this normal for a sensor on a DMZ with a non-MS webserver, email
server, and FTP server? Was I just used to getting all those false
positives from the default ruleset? It seems so quiet now.

Thanks guys,

Seth Art


