Snort mailing list archives
RE: snort.conf
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 13 Jan 2005 13:34:07 -0600
--On Thursday, January 13, 2005 10:36:00 AM -0500 "Esler, Joel - Contractor" <joel.esler () rcert-s army mil> wrote:
Huh? Are you certain? Any should mean any IP at all, which would include HOME_NET addresses. This would mean, for example, an internal address "attacking" another internal address would trigger an alert configured to alert from external to internal.IIRC, External_net set to any (if you have Home_net defined) is the same as your statement below
I don't think that's what most people want. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu ------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort.conf spiv007 (Jan 12)
- Re: snort.conf Paul Schmehl (Jan 13)
- Re: snort.conf Jose Maria Lopez (Jan 13)
- <Possible follow-ups>
- snort.conf spiv007 (Jan 13)
- RE: snort.conf Esler, Joel - Contractor (Jan 13)
- RE: snort.conf Paul Schmehl (Jan 13)
- RE: snort.conf Esler, Joel - Contractor (Jan 13)
- Re: snort.conf spiv007 (Jan 13)
- Re: snort.conf Frank Knobbe (Jan 13)
- Re: snort.conf spiv007 (Jan 14)
- Re: snort.conf Paul Schmehl (Jan 14)
- Re: snort.conf spiv007 (Jan 14)
- Re: snort.conf Leon Ward (Jan 14)
- Re: snort.conf spiv007 (Jan 14)
- Re: snort.conf spiv007 (Jan 13)