Snort mailing list archives
Re: home_net & external_net question
From: Joel Esler <jesler () sourcefire com>
Date: Mon, 15 Jul 2013 19:09:15 -0400
Are you using Snort in inline mode, or is it built into a firewall?

--
Joel Esler
Sent from my iPad

On Jul 15, 2013, at 5:57 PM, "slava () webii net" <slava () webii net> wrote:
Hello,

I'm not very skilled with Snort, but have some understanding of how it works. So here is my situation:

We have a Snort instance, which protects our internal network.
HOME_NET is set with a bunch of internal networks.
EXTERNAL_NET is set as !$HOME_NET.

Today a few sites have been infected with a trojan, and upon its activation, all sites from our internal network have been blocked at once.

My question is: Did Snort act correctly by blocking IPs from HOME_NET or not? Should Snort not block networks listed in HOME_NET no matter what?

Appreciate any help.

Thank you,
Slava

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!