Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: What am I missing?

From: Max Vision <vision () whitehats com>
Date: Sat, 5 May 2001 18:03:07 -0700 (PDT)
On Sun, 6 May 2001, Ed Greshko wrote:

Here is my setup....
3 machines on the same subnet.

...

Snort configuration:
  var HOME_NET [10.220.17.0/24,!10.220.17.96/32]
  var EXTERNAL_NET !$HOME_NET



The machines are on the same subnet, yet you are defining EXTERNAL_NET as
"everything that is not in the internal subnet"... so any rule that
watches for external->internal will skip right over your traffic.

Try setting EXTERNAL_NET to "any" if you want to do local testing like
this...

Max


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: