newbie questions about snort.conf

["Daniel Lopez" <dlopez () tct hut fi>]

Hello,

I'm a newbie with Snort and I guess you will find the following
questions are basic.
I'm performing some tests on Snort with two LANs. I set the HOME_NET and
EXTERNAL_NET variables to these values:

var HOME_NET 10.50.1.0/24
var EXTERNAL_NET !$HOME_NET

However, I would like to detect attacks from boths subnets. Do you know
if I will be able to detect attacks from both sides (from inside and
outside my home network) with these values or should I set them to ANY?

Then, because I am using small LANS for tests, I don't have any SMTP,
HTTP and SQL servers.
Thus, do I have to set the other variables to ANY (HTTP_SERVERS,
SQL_SERVERS,...) or do I have to comment them? (however, if I comment
them, I will have problems with rules, isn't it?)

Last question [sorry! :( ], I downloaded last version 1.8.7 and the
snort rulesets.
My question is how do I update rules?
Can I do it manually by copying them to the default Snort directory or
only by changing the RULE_PATH variable, or do I have to use a script
such as Oinkmaster?

Thanks in advance for all your help and sorry for all these basic
questions...

Daniel Lopez



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users