Snort mailing list archives
Re: HOME_NET and EXTERNAL_NET variables
From: Tim Kramer <kramert () mlrnoc navy mil>
Date: 01 Nov 2001 22:18:37 -0500
I'm a total newbie at this also but, in reading the docs, would take a wild guess and suggest putting your networks in brackets such as [192.168.2.0/24,10.0.0.0/3,172.9.3.0/8] when defining $HOME_NET. You can then use the variable in your rules as in alert tcp any any -> $HOME_NET 25 (......... when watching for mail coming into you networks. - Tim On Thu, 2001-11-01 at 13:59, Merrick, Gary wrote:
Yes, this is a total newbie question, but I figured this is the right place to ask it. What is the purpose of the HOME_NET and EXTERNAL_NET variables that are defined in snort.conf? Does it change the formatting of the alerts? Or perhaps turn off the scanning of packets originating from an internal network? Or something else? I would imagine this would be a fairly straightforward process to define them if one had an extremely simple network architecture. But my ultimate aim is to be able to monitor 3 or 4 networks. In such a case, what is considered "home" and what is "external"? Any guidance would be much appreciated. Gary _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HOME_NET and EXTERNAL_NET variables Merrick, Gary (Nov 01)
- Re: HOME_NET and EXTERNAL_NET variables Erek Adams (Nov 01)
- Re: HOME_NET and EXTERNAL_NET variables Tim Kramer (Nov 01)