Snort mailing list archives
Re: newbie question about $HOME_NET
From: JJ Cummings <cummingsj () gmail com>
Date: Mon, 5 Oct 2009 08:33:53 -0600
In that case, you still want your $HOME_NET variable set to your network block that you are "protecting". But you should set your $EXTERNAL_NET to any.. this will let you see internal attacks against internal hosts (of course this assumes that you have your SPAN session / TAP setup to see this internal traffic). On Mon, Oct 5, 2009 at 8:11 AM, Daniel Qian <daniel.qian () supracanada com>wrote:
I am implementing Snort on our hosting network at the point where our two IPS links are connected - all traffic flowing on the two VLANs for ISPs are SPANed to the snort sniffing port. Some documents recommend setting $HOME_NET to my network block and a lot of detection rules actually have reference to this variable. The question is, if I want to detect bad traffic originating from a compromised host on my network should this variable be set to the default ANY? or is it common and proper way in this situation? Thanks in advance Daniel ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-users%0ASnort-users>list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- newbie question about $HOME_NET Daniel Qian (Oct 05)
- Re: newbie question about $HOME_NET JJ Cummings (Oct 05)
- Re: newbie question about $HOME_NET Daniel Qian (Oct 05)
- Re: newbie question about $HOME_NET Joel Esler (Oct 05)
- Re: newbie question about $HOME_NET Daniel Qian (Oct 05)
- Re: newbie question about $HOME_NET Daniel Qian (Oct 05)
- Re: newbie question about $HOME_NET JJ Cummings (Oct 05)