Snort mailing list archives
RE: home_net and external_net: how to use ! with mu ltiple subnets ?
From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Thu, 21 Aug 2003 11:50:58 -0400
Tom, I'm running Snort versions older than yours, but I don't have the reported problem you do. Would it be possible to send the snort.conf file along with the bad-traffic.rules file [0]? Or at least send along a snapshot of line 12 in the bad-traffic.rules file. Maybe there is just something weird about that line. - Christopher [0] /var/chroot/snort/etc/./snort.org-rules/bad-traffic.rules -----Original Message----- From: Tom Van Overbeke [mailto:tvanoverbeke () ccncsi net] Sent: Thursday, August 21, 2003 4:27 AM To: 'L. Christopher Luther' Cc: 'Snort-Users (E-mail)'; 'Erek Adams' Subject: RE: [Snort-users] home_net and external_net: how to use ! with multiple subnets ? Hi, just for clarification, i have this in my snort.conf: var EXTERNAL_NET !$HOME_NET and in the rules the variable EXTERNAL_NET has a leading $ everywhere. so maybe my version is too old ? i'm running version snort-2.0.0-1.0.10 on redhat advanced server 2.1 What version are you guys running ? thx, tom.
-----Original Message----- From: L. Christopher Luther [mailto:CLuther () Xybernaut com] Sent: 20 August 2003 18:04 To: 'Tom Van Overbeke' Cc: Snort-Users (E-mail); 'Erek Adams' Subject: RE: [Snort-users] home_net and external_net: how to use ! with multiple subnets ? Make sure your bad-traffic.rules file uses $EXTERNAL_NET and not just EXTERNAL_NET. The rules parser needs the leading "$" character in order to treat the EXTERNAL_NET as a macro. Cheers! -----Original Message----- From: Tom Van Overbeke [mailto:tvanoverbeke () ccncsi net] Sent: Wednesday, August 20, 2003 10:13 AM To: 'Erek Adams' Cc: 'Snort-Users (E-mail)' Subject: RE: [Snort-users] home_net and external_net: how to use ! with multiple subnets ? sorry but no go: if i try it, snort won't run, it quits with this error: Aug 20 16:10:58 pitbull snort: FATAL ERROR: Undefined variable name: (/var/chroot/snort/etc/./snort.org-rules/bad-traffic.rules:12) : EXTERNAL_NET-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Erek Adams Sent: 20 August 2003 15:12 To: Tom Van Overbeke Cc: Snort-Users (E-mail) Subject: Re: [Snort-users] home_net and external_net: how to use ! with multiple subnets ? On Wed, 20 Aug 2003, Tom Van Overbeke wrote: [...snip...]is there a way to define external_net as 'everything thatis not home_net',and if yes, what's the correct syntax ?var EXTERNAL_NET !$HOME_NET [...snip...] Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by Dice.com. Did you know that Dice has over 25,000 tech jobs availabletoday? Fromcareers in IT to Engineering to Tech Sales, Dice has tech jobs from the best hiring companies. http://www.dice.com/index.epl?rel_code=104 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users************************************************************** ************** Disclaimer: This electronic transmission and any files attached to it are strictly confidential and intended solely for the addressee. If you are not the intended addressee, you must not disclose, copy or take any action in reliance of this transmission. If you have received this transmission in error, please notify the sender by return and delete the transmission. Although the sender endeavors to maintain a computer virus free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Thank You. ************************************************************** ************** ------------------------------------------------------- This SF.net email is sponsored by Dice.com. Did you know that Dice has over 25,000 tech jobs available today? From careers in IT to Engineering to Tech Sales, Dice has tech jobs from the best hiring companies. http://www.dice.com/index.epl?rel_code=104 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
**************************************************************************** Disclaimer: This electronic transmission and any files attached to it are strictly confidential and intended solely for the addressee. If you are not the intended addressee, you must not disclose, copy or take any action in reliance of this transmission. If you have received this transmission in error, please notify the sender by return and delete the transmission. Although the sender endeavors to maintain a computer virus free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. Thank You. **************************************************************************** ------------------------------------------------------- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: home_net and external_net: how to use ! with mu ltiple subnets ? L. Christopher Luther (Aug 20)
- RE: home_net and external_net: how to use ! with multiple subnets ? Tom Van Overbeke (Aug 21)
- RE: home_net and external_net: how to use ! with multiple subnets ? Erek Adams (Aug 21)
- RE: home_net and external_net: how to use ! with multiple subnets ? Tom Van Overbeke (Aug 22)
- RE: home_net and external_net: how to use ! with multiple subnets ? Erek Adams (Aug 21)
- <Possible follow-ups>
- RE: home_net and external_net: how to use ! with mu ltiple subnets ? L. Christopher Luther (Aug 22)
- RE: home_net and external_net: how to use ! with multiple subnets ? Tom Van Overbeke (Aug 21)