Snort mailing list archives
Complex network + Multi-interface sensor = trouble
From: Jeff Newton <Jeff_Newton () pmc-sierra com>
Date: Tue, 11 Dec 2001 11:49:50 -0800
I want to monitor multiple subnets (internet, DMZ, internal, etc.) with a single multi-interface sensor and have a few implementation questions:

1) Is it best/possible to run on all interfaces using a single snort.conf? My initial sensor test fired constantly on detected RPC traffic, and I imagine tuning this out only on specific interfaces will be a real challenge.

2) Can EXTERNAL_NET be defined as any not-equal-to HOME_NET? I suspect this isn't the default, which is why the RPC rule was firing on HOME_NET to HOME_NET traffic - the rpc rule fires on any -> HOME_NET.

Any other multi-interface sensor implementation help/suggestions would be greatly appreciated.

Cheers,
--
Jeff Newton