Snort mailing list archives
Re: Snort.conf variables
From: "Remus" <rmocius () auste elnet lt>
Date: Tue, 11 Nov 2003 08:10:06 -0000
Hi, Snort is running on eth0 (external NIC) I use NAT with only C class IPs for local network.
What are HOME_NET and EXTERNAL_NET defined as relative to your network? -
Sorry what you mean? And I want to pick up inbound attacks and outbound attacks on eth0. Thanks Regards Remus ----- Original Message ----- From: "Matt Kettler" <mkettler () evi-inc com> To: "Remus" <rmocius () auste elnet lt>; <snort-users () lists sourceforge net> Sent: Monday, November 10, 2003 11:08 PM Subject: Re: [Snort-users] Snort.conf variables
At 11:16 AM 11/10/2003, Remus wrote:Just my small confusion regarding HOME_NET and EXTERNAL_NET variables. I have a Linux firewall which one runs Snort as well: eth0 - external network eth1 - local network And it has port forwards to web, smtp servers in the local network. Now my question is which one variables I have to use for my eth0 and
eth1?
Given your question, there's no possible answer. And quite frankly, the real answer may be "neither". Snort configuration depends on a lot more than just what your router interfaces are. What interface is snort running on, eth0 or eth1? Is there address translation going on? What are HOME_NET and EXTERNAL_NET defined as relative to your network? Are you looking to pick up inbound attacks, outbound attacks, or both? ------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort.conf variables Remus (Nov 10)
- Re: Snort.conf variables Matt Kettler (Nov 10)
- Re: Snort.conf variables Remus (Nov 11)
- Re: Snort.conf variables Matt Kettler (Nov 11)
- Re: Snort.conf variables Remus (Nov 11)
- Re: Snort.conf variables Erek Adams (Nov 11)
- Re: Snort.conf variables Matt Kettler (Nov 10)