Snort mailing list archives
Re: Will Snort understand something like this?
From: Eric Maheo <eric.maheo () appliedwatch com>
Date: Wed, 28 Sep 2005 09:10:31 -0500
Hi Snorters, I set the following in my snort.conf var HOME_NET 192.168.0.0/16 var DMZ_NET [192.168.5.0/24,192.168.10.0/24,192.168.15.0/24] var EXTERNAL_NET [!$HOME_NET,$DMZ_NET] Snort starts properly, but I don't know if Snort interprets EXTERNAL_NET correctly. Is there a way that I can find this information out? ps. Let's not try to understand how I get into this situation.
I won't comment :) Have you tried var EXTERNAL_NET [$DMZ_NET,!$HOME_NET] ? Like your DMZ_NET is in included in your HOME_NET I am guessing it stops its test at !$HOME_NET and won't look at what is in your $DMZ_NET.. This will require to look at the source to be certain.. or to test it. Thanks, Eric
Cheers, Hin __________________________________________________________________ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Eric Maheo Vice President of Engineering, Applied Watch Technologies, LLC 1095 Pingree Rd. Suite 212 Crystal Lake, IL 60014 Tel: (877) 262-7593 x324 Fax: (877) 262-7593 Email: eric.maheo () appliedwatch com Web: http://www.appliedwatch.com ------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Will Snort understand something like this? Hin (Sep 28)
- Re: Will Snort understand something like this? Joel Esler (Sep 28)
- Re: Will Snort understand something like this? Eric Maheo (Sep 28)
- <Possible follow-ups>
- Re: Will Snort understand something like this? Hin (Sep 28)