Snort mailing list archives
RE: home_net question
From: "McCammon, Keith" <Keith.McCammon () eadvancemed com>
Date: Tue, 12 Mar 2002 08:33:48 -0500
There are two "home net" settings in Snort: 1) The $HOME_NET variable in the config file, which is only a variable used within your .rules files, and 2) the -h directive at the command-line, which essentially tells Snort which network address(es) you are defending, causing Snort to inspect and log traffic accordingly. In certain cases and architectures, some users might not notice if these variables are not set. However, in most cases, you will notice if the command-line directive is not set, because some attacks against your network would be logged in directories named for the target address. Cheers Keith -----Original Message----- From: Basil Saragoza [mailto:snortlst () hotmail com] Sent: Monday, March 11, 2002 6:42 PM To: snort-users () lists sourceforge net Subject: [Snort-users] home_net question I try to figure out what is the meaning of home_net. FAQ says it is a network that I'm defending. Is that a logical definition (home_net) or does it make some practical sense? For example I can set home_net to: 1. address range of my lan 2. eth0_ADDRESS 3. address of my firewall only. I actually tried all of them and didn't notice real difference... _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Home_Net Question jaalexan (Jan 16)
- <Possible follow-ups>
- home_net question Basil Saragoza (Mar 11)
- RE: home_net question McCammon, Keith (Mar 12)