Snort mailing list archives
trouble specifying more than one HOME_NET variable
From: Philip Davidson <Philip () dpc-paris com>
Date: Thu, 26 Jun 2003 10:44:26 -0500
Hello all, I am trying to specify my $HOME_NET variable to be two separate internal LANs. After making the below change, I tried to start snort back up and it would not start. After issuing a "/etc/init.d/snort start", my startup script tells me that it is up and running. But then I issue a "ps -ef|grep snort" and there is no snort. Any idears? Here is a section of my conf: var HOME_NET [192.168.1.0/24,192.168.5.0/24] # Set up the external network addresses as well. # A good start may be "any" var EXTERNAL_NET !$HOME_NET # Configure your server lists. This allows snort to only look for attacks # to systems that have a service up. Why look for HTTP attacks if you are # not running a web server? This allows quick filtering based on IP addresses # These configurations MUST follow the same configuration scheme as defined # above for $HOME_NET. # List of DNS servers on your network var DNS_SERVERS $HOME_NET # List of SMTP servers on your network var SMTP_SERVERS $HOME_NET # List of web servers on your network var HTTP_SERVERS $HOME_NET # List of sql servers on your network var SQL_SERVERS $HOME_NET # List of telnet servers on your network var TELNET_SERVERS $HOME_NET # Configure your service ports. This allows snort to look for attacks # destined to a specific application only on the ports that application # runs on. For example, if you run a web server on port 8081, set your # HTTP_PORTS variable like this: # # var HTTP_PORTS 8081 # # Port lists must either be continuous [eg 80:8080], or a single port [eg 80]. # We will adding support for a real list of ports in the future. # Ports you run web servers on var HTTP_PORTS 80 # Ports you want to look for SHELLCODE on. var SHELLCODE_PORTS !80 # Ports you do oracle attacks on var ORACLE_PORTS 1521 Thanks in advance Philip Davidson DPC, Inc. 1015 Maurice Fields Dr. Paris, TN 38242 731-642-8627 ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- trouble specifying more than one HOME_NET variable Philip Davidson (Jun 26)
- Re: trouble specifying more than one HOME_NET variable Erek Adams (Jun 26)
- Re: trouble specifying more than one HOME_NET variable James Lay (Jun 26)