Snort mailing list archives
Re: home_net & external_net question
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 16 Jul 2013 11:50:51 -0400
I figured that was the case. Okay, someone that has pfsense on the list will have to write you back then, I’m not sure how that interaction works. -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Jul 16, 2013, at 3:13 AM, slava () webii net wrote:
On 16.07.2013 02:09, Joel Esler wrote:Are you using a snort in inline mode, or is it built into a firewall?Thanks, Joel. That's a pfsense snort instance.A rather old one (2.9.2.3), but nevertheless. So, it's built into the firewall. -- Slava-- Joel Esler Sent from my iPad On Jul 15, 2013, at 5:57 PM, "slava () webii net" <slava () webii net> wrote:Hello, I'm not very skilled with snort. But have some understanding of how it works. So here is my situation: We have a snort instance, which protect out internal network. HOME_NET is set with a bunch of internal networks. EXTERNAL_NET is set as !$HOME_NET Today a few sites have been infected with a trojan, and upon it activation, all sites from our internal network have been blocked at once. My question is : Did snort acted correctly by blocking IPs from HOME_NET or not ? Should snort not block networks listed in HOME_NET no matter what ? Appreciate any help. Thank you, Slava ------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ See everything from the browser to the database with AppDynamics Get end-to-end visibility with application monitoring from AppDynamics Isolate bottlenecks and diagnose root cause in seconds. Start your free trial of AppDynamics Pro today! http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- home_net & external_net question slava () webii net (Jul 15)
- Re: home_net & external_net question Joel Esler (Jul 15)
- Re: home_net & external_net question slava () webii net (Jul 16)
- Re: home_net & external_net question Joel Esler (Jul 16)
- Re: home_net & external_net question slava () webii net (Jul 16)
- Re: home_net & external_net question Joel Esler (Jul 15)