Snort mailing list archives
HOME_NET question
From: sart () trialgraphix com
Date: Thu, 3 Jun 2004 14:53:09 -0400
I have only one IDS and it is on the DMZ. For the HOME_NET var do i just put in the subnet of the DMZ or do i put in my VLAN subnets also? Right now i have the DMZ and my 2 vlan subnets in var HOME_NET and i was just wondering if that is correct Lastly, after running snort on the default rule set with 2.1.2 for a couple of weeks i finally used oinkmaster to get and use the latest stable rules. Now in the past 3 hours i have only gotten 3 alerts besides my self tests and they are all the robot.txt alert from the search engines. Is this normal for a sensor on a DMZ with a non MS webserver, email server, and ftp server? Was i just used to getting all those false positives from the default ruleset? It seems so quiet now. Thank guys, Seth Art ------------------------------------------------------- This SF.Net email is sponsored by the new InstallShield X.
From Windows to Linux, servers to mobile, InstallShield X is the one
installation-authoring solution that does it all. Learn more and evaluate today! http://www.installshield.com/Dev2Dev/0504 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Cant see alert for rule Tom Fulton (Jun 02)
- RE: Cant see alert for rule Tom Fulton (Jun 02)
- Re: Cant see alert for rule Jeff Coppock (Jun 02)
- RE: Cant see alert for rule Tom Fulton (Jun 02)
- RE: Cant see alert for rule Tom Fulton (Jun 02)
- Re: Cant see alert for rule Jeff Coppock (Jun 02)
- RE: Cant see alert for rule Tom Fulton (Jun 02)
- <Possible follow-ups>
- RE: Cant see alert for rule Harper, Patrick (Jun 02)
- Re: Cant see alert for rule SN ORT (Jun 03)
- HOME_NET question sart (Jun 03)
- RE: Cant see alert for rule Tom Fulton (Jun 03)