Snort mailing list archives
Re: Home_Net, External_Net issue
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 21 May 2013 18:15:30 -0400
On 5/21/2013 16:12, Josh Bitto wrote:
Just udp….I think I have some insight…..When looking at the config Line 44 shows… # Setup the network addresses you are protecting ipvar HOME_NET [YOU_NEED_TO_SET_HOME_NET_IN_snort.conf] We use pfsense so it modifies the config accordingly. I’m trying to find a way to change that line to ipvar HOME_NET Any And not have it break anything within pfsense.
if this is like another firewall product that i'm familiar with, it may be that that line is supposed to be replaced with an include line which contains the name of another file that the firewall maintains with your WAN IP and possibly even your DNS servers... where did your snort.conf file come from? is it one that was included within the mod you applied to your pfsense installation??
*From:*Joel Esler [mailto:jesler () sourcefire com] *Sent:* Tuesday, May 21, 2013 12:47 PM *To:* Josh Bitto *Cc:* snort-users () lists sourceforge net *Subject:* Re: [Snort-users] Home_Net, External_Net issue On May 21, 2013, at 1:58 PM, Josh Bitto <jbitto () onlineschool ca <mailto:jbitto () onlineschool ca>> wrote: I’m wondering if this is a config issue or traffic setup issue. Currently my internal network the ONLY thing that ever shows up is portscans. I can’t get anything else to be looked at. Is this due to a Home_net and External_net being setup wrong? My understanding is if I list Home_net to “any” then snort should monitor that traffic. Is the traffic that you /are/ alerting on only UDP or TCP too?
-- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Try New Relic Now & We'll Send You this Cool Shirt New Relic is the only SaaS-based application performance monitoring service that delivers powerful full stack analytics. Optimize and monitor your browser, app, & servers with just a few lines of code. Try New Relic and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Home_Net, External_Net issue Josh Bitto (May 21)
- Re: Home_Net, External_Net issue Joel Esler (May 21)
- Re: Home_Net, External_Net issue Josh Bitto (May 21)
- Re: Home_Net, External_Net issue waldo kitty (May 21)
- Re: Home_Net, External_Net issue Josh Bitto (May 21)
- Re: Home_Net, External_Net issue Josh Bitto (May 21)
- Re: Home_Net, External_Net issue Joel Esler (May 21)