Snort mailing list archives
RE: HOME_NET and EXTERNAL_NET
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 01 Dec 2004 15:50:57 -0600
--On Wednesday, December 01, 2004 03:32:33 PM -0600 JAMIE CRAWFORD <crawford () cmsu1 cmsu edu> wrote:
Thanks for the reply, but that will still show me attacks coming from my class b. For some reason, I see alerts originating from and going to my class b, all I want to see is alerts about attacks made toward my two class c's, from anything but my class b. I know, a bit confusing.
Don't use a hammer for a screw. var HOME_NET [192.168.1.0/24,192.168.2.0/24] var EXTERNAL_NET !$HOME_NET var CLASS_B 192.168.0.0/16 Then use a pass rule for any traffic from 192.168.0.0/16 to $HOME_NET.pass ip $CLASS_B any -> $HOME_NET any (msg: ignore traffic from my class B to my HOME_NET; classtype:misc-activity; sid:1000001; rev:1;)
And start snort with the -o switch. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users.Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HOME_NET and EXTERNAL_NET JAMIE CRAWFORD (Dec 01)
- RE: HOME_NET and EXTERNAL_NET M. Shirk (Dec 01)
- Re: HOME_NET and EXTERNAL_NET Tim Slighter (Dec 01)
- Re: HOME_NET and EXTERNAL_NET M. Shirk (Dec 02)
- Re: HOME_NET and EXTERNAL_NET Tim Slighter (Dec 01)
- Re: HOME_NET and EXTERNAL_NET Tim Slighter (Dec 01)
- <Possible follow-ups>
- RE: HOME_NET and EXTERNAL_NET JAMIE CRAWFORD (Dec 01)
- Re: HOME_NET and EXTERNAL_NET Tim Slighter (Dec 01)
- RE: HOME_NET and EXTERNAL_NET Paul Schmehl (Dec 01)
- Re: HOME_NET and EXTERNAL_NET JAMIE CRAWFORD (Dec 01)
- Re: HOME_NET and EXTERNAL_NET Matt Kettler (Dec 01)
- RE: HOME_NET and EXTERNAL_NET Joe Patterson (Dec 01)
- HOME_NET and EXTERNAL_NET JAMIE CRAWFORD (Dec 02)
- RE: HOME_NET and EXTERNAL_NET M. Shirk (Dec 01)