Snort mailing list archives

external net

From: "Murphy" <murphy () infomaniak ch>
Date: Fri, 10 Aug 2001 17:50:41 +0200

var EXTERNAL_NET !$HOME_NET

Sets external_net to any except your home_net.

Murphy


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Birkir
Björnsson
Sent: Friday, August 10, 2001 17:21
To: snort-users () lists sourceforge net
Subject: [Snort-users] external net


I´ve my snort.conf  set with homenet  specified for three /24 nets, the
external net is set to any.
And i´m getting these kind things in my log.

[**] [1:473:1] ICMP redirect net [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
08/10-15:17:10.455654 193.4.194.1 -> 193.4.194.25
ICMP TTL:30 TOS:0x0 ID:12657 IpLen:20 DgmLen:56
Type:5  Code:0  REDIRECT
[Xref => http://www.whitehats.com/info/IDS199]
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0265]


How do i exclude my home net from the external nets.?


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=ort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

external net Birkir Björnsson (Aug 10)
- Re: external net Pontus Joakimsson (Aug 10)
- external net Murphy (Aug 10)
- <Possible follow-ups>
- RE: external net Kevin Brown (Aug 10)