Snort mailing list archives
RE: var HOME_NET and rule updates
From: "Noller, Gregory" <Noller2G () kochind com>
Date: Fri, 26 Jul 2002 09:39:40 -0500
--__--__--
Message: 13
From: "Daniel Lopez" <dlopez () tct hut fi>
To: <snort-users () lists sourceforge net>
Date: Fri, 26 Jul 2002 16:31:59 +0300
Subject: [Snort-users] newbie questions about snort.conf

Hello,

I'm a newbie with Snort and I guess you will find the following questions are basic. I'm performing some tests on Snort with two LANs. I set the HOME_NET and EXTERNAL_NET variables to these values:

var HOME_NET 10.50.1.0/24
var EXTERNAL_NET !$HOME_NET

===> Just set your vars to any to capture all threats in both directions.

var HOME_NET any
var EXTERNAL_NET any

However, I would like to detect attacks from both subnets. Do you know if I will be able to detect attacks from both sides (from inside and outside my home network) with these values or should I set them to ANY?

Then, because I am using small LANs for tests, I don't have any SMTP, HTTP and SQL servers. Thus, do I have to set the other variables to ANY (HTTP_SERVERS, SQL_SERVERS,...) or do I have to comment them? (however, if I comment them, I will have problems with rules, isn't it?)

Just leave them as they are, default. They will work fine.
Last question [sorry! :( ], I downloaded last version 1.8.7 and the snort rulesets. My question is how do I update rules?
By hand. The hard way. Once you start customizing the rules to work for you, it gets real hard to update the rules. I used to do it by hand, now I use Demarc Puresecure (a commercial product) and it updates rules automagically. I'm sure there are scripts, freeware products, and favorite ways. I just don't have the time.

Greg
Wichita
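
The difference between the two variable settings discussed in this message, as an added example that is not part of the original post: a small Python model of how the address part of a one-way Snort rule header (`$EXTERNAL_NET any -> $HOME_NET any`) is evaluated after variable expansion. The 10.50.2.0/24 address for the second test LAN and the host addresses are constructed for illustration, and ports are ignored.

```python
import ipaddress

def addr_matches(ip, spec, variables):
    """Evaluate one Snort address spec ($VAR, !negation, any, or CIDR) against ip."""
    negated = False
    while spec[0] in "!$":
        if spec[0] == "!":
            negated, spec = not negated, spec[1:]
        else:
            spec = variables[spec[1:]]  # expand a 'var NAME value' definition
    hit = spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)
    return hit != negated

def header_matches(src, dst, rule_src, rule_dst, variables):
    """Address part of a one-way (->) rule header; ports are ignored here."""
    return (addr_matches(src, rule_src, variables)
            and addr_matches(dst, rule_dst, variables))

# The two snort.conf settings discussed in the thread.
ORIGINAL = {"HOME_NET": "10.50.1.0/24", "EXTERNAL_NET": "!$HOME_NET"}
SUGGESTED = {"HOME_NET": "any", "EXTERNAL_NET": "any"}

# Constructed flows; 10.50.2.0/24 is an assumed address for the second test LAN.
FLOWS = {
    "other LAN -> home": ("10.50.2.7", "10.50.1.5"),
    "home -> other LAN": ("10.50.1.5", "10.50.2.7"),
    "home -> home": ("10.50.1.5", "10.50.1.9"),
}

def coverage(variables, rule_src="$EXTERNAL_NET", rule_dst="$HOME_NET"):
    """Which flows a rule written '$EXTERNAL_NET any -> $HOME_NET any' can fire on."""
    return {name: header_matches(s, d, rule_src, rule_dst, variables)
            for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    for label, conf in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, coverage(conf))
```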