Snort mailing list archives
Re: snort.conf
From: spiv007 <spiv007 () gmail com>
Date: Fri, 14 Jan 2005 09:39:10 -0500
HOME_NET -> [192.168.0.0/24] EXTERNAL_NET !$HOME_NET So by doing the above i'm jusr letting snort now 192.168.0.0 is mu home network and my external is any but my "home_network" and snort will still report problems on my home network too. ? On Thu, 13 Jan 2005 16:29:52 -0600, Frank Knobbe <frank () knobbe us> wrote:
On Thu, 2005-01-13 at 16:38 -0500, spiv007 wrote:Right that what im wondering will "var EXTERNAL_NET !$HOME_NET" show me an internet address attaching another internal address. Im using bleeding rules to detect virus and spyware. I was thinking "var EXTERNAL_NET any" will be my best option for this case.If you want to catch HOME_NET -> HOME_NET, then yes. Or you can mix them. I have snort.conf's that first set EXTERNAL_NET to HOME_NET, then include various rule sets, and then set EXTERNAL_NET to any, and include some selected rule sets. If all depends on what YOU want to catch. Cheers, Frank PS: I wonder what would happen if I set "var HOME_NET !$EXTERNAL_NET" ;)
------------------------------------------------------- The SF.Net email is sponsored by: Beat the post-holiday blues Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek. It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort.conf spiv007 (Jan 12)
- Re: snort.conf Paul Schmehl (Jan 13)
- Re: snort.conf Jose Maria Lopez (Jan 13)
- <Possible follow-ups>
- snort.conf spiv007 (Jan 13)
- RE: snort.conf Esler, Joel - Contractor (Jan 13)
- RE: snort.conf Paul Schmehl (Jan 13)
- RE: snort.conf Esler, Joel - Contractor (Jan 13)
- Re: snort.conf spiv007 (Jan 13)
- Re: snort.conf Frank Knobbe (Jan 13)
- Re: snort.conf spiv007 (Jan 14)
- Re: snort.conf Paul Schmehl (Jan 14)
- Re: snort.conf spiv007 (Jan 14)
- Re: snort.conf Leon Ward (Jan 14)
- Re: snort.conf spiv007 (Jan 14)
- Re: snort.conf spiv007 (Jan 13)