Snort mailing list archives

Re: Snort.conf variables

From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 10 Nov 2003 18:08:01 -0500

At 11:16 AM 11/10/2003, Remus wrote:

Just my small confusion regarding HOME_NET and EXTERNAL_NET variables.

I have a Linux firewall which one runs Snort as well:

eth0 - external network
eth1 - local network

And it has port forwards to web, smtp servers in the local network.

Now my question is which one variables I have to use for my eth0 and eth1?

Given your question, there's no possible answer. And quite frankly, thereal answer may be "neither". Snort configuration depends on a lot morethan just what your router interfaces are.


What interface is snort running on, eth0 or eth1?
Is there address translation going on?
What are HOME_NET and EXTERNAL_NET defined as relative to your network?
Are you looking to pick up inbound attacks, outbound attacks, or both?



-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort.conf variables Remus (Nov 10)
- Re: Snort.conf variables Matt Kettler (Nov 10)
  - Re: Snort.conf variables Remus (Nov 11)
    - Re: Snort.conf variables Matt Kettler (Nov 11)
- Re: Snort.conf variables Erek Adams (Nov 11)