Snort mailing list archives
Re: disable spp_portscan2
From: John Sage <jsage () finchhaven com>
Date: Tue, 18 Mar 2003 12:58:01 -0800
Erek: Here's a chance to ask a question I've had... On or about Tue, Mar 18, 2003 at 11:46:06AM -0500, Erek Adams posited:
On Tue, 18 Mar 2003, John Sage wrote:Erek, et al:
<snip>
As it's done above, you're setting EXTERNAL_NET to HOME_NET. That
basically turns most rules into "if from this host to this host."
Now if that's what is really intended:
var HOME_NET $lo0_ADDRESS
var EXTERNAL_NET any
Does the "any" for EXTERNAL_NET include HOME_NET, or does it really
mean "any other"?
- John
--
"You must define an operating system environment,
or the configuration file build will puke."
PGP key: http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800 4EF6 5FC8 F23D 35A4 F705
-------------------------------------------------------
This SF.net email is sponsored by: Does your code think in ink?
You could win a Tablet PC. Get a free Tablet PC hat just for playing.
What are you waiting for?
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr5043en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: disable spp_portscan2, (continued)
- Re: disable spp_portscan2 John Sage (Mar 18)
- Re: disable spp_portscan2 Xue Wu (Mar 18)
- Re: disable spp_portscan2 Erek Adams (Mar 18)
- Re: disable spp_portscan2 Xue Wu (Mar 18)
- Re: disable spp_portscan2 Erek Adams (Mar 18)
- Re: disable spp_portscan2 Xue Wu (Mar 18)
- Re: disable spp_portscan2 Erek Adams (Mar 18)
- Re: disable spp_portscan2 Xue Wu (Mar 18)
- Re: disable spp_portscan2 John Sage (Mar 18)
- Re: disable spp_portscan2 Demetri Mouratis (Mar 18)
- Re: disable spp_portscan2 Erek Adams (Mar 18)
- Re: disable spp_portscan2 John Sage (Mar 18)
- Re: disable spp_portscan2 Erek Adams (Mar 18)