Snort mailing list archives
newbie questions about snort.conf
From: "Daniel Lopez" <dlopez () tct hut fi>
Date: Fri, 26 Jul 2002 16:31:59 +0300
Hello, I'm a newbie with Snort and I guess you will find the following questions are basic. I'm performing some tests on Snort with two LANs. I set the HOME_NET and EXTERNAL_NET variables to these values: var HOME_NET 10.50.1.0/24 var EXTERNAL_NET !$HOME_NET However, I would like to detect attacks from boths subnets. Do you know if I will be able to detect attacks from both sides (from inside and outside my home network) with these values or should I set them to ANY? Then, because I am using small LANS for tests, I don't have any SMTP, HTTP and SQL servers. Thus, do I have to set the other variables to ANY (HTTP_SERVERS, SQL_SERVERS,...) or do I have to comment them? (however, if I comment them, I will have problems with rules, isn't it?) Last question [sorry! :( ], I downloaded last version 1.8.7 and the snort rulesets. My question is how do I update rules? Can I do it manually by copying them to the default Snort directory or only by changing the RULE_PATH variable, or do I have to use a script such as Oinkmaster? Thanks in advance for all your help and sorry for all these basic questions... Daniel Lopez ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- newbie questions about snort.conf Daniel Lopez (Jul 26)
- Re: newbie questions about snort.conf twig les (Jul 26)
- RE: newbie questions about snort.conf Daniel Lopez (Jul 26)
- Re: newbie questions about snort.conf Erek Adams (Jul 26)
- Re: newbie questions about snort.conf twig les (Jul 26)