Snort mailing list archives

Re: ip's outside of HOME_NET showing up


From: Michael Sconzo <msconzo () tamu edu>
Date: Thu, 8 Jul 2004 12:03:40 -0500

Some rules are written EXTERNAL_NET -> HOME_NET and others HOME_NET -> EXTERNAL_NET.

My $0.02: check out the 'questionable' alerts ... you may need to change the rule.

-=Mike

On Thu, Jul 08, 2004 at 11:01:37AM -0400, Adam Denenberg wrote:
Hello,

 I finally got my ACID/MySQL setup working well.  However, I have
HOME_NET defined as my public range, say 24.100.100.0/24.  However, I
am seeing tons of destination IP addresses outside of that.  Shouldn't
Snort only be watching attacks destined for the HOME_NET network?  Or
do I need to specifically limit that with a BPF filter?  I thought
Snort handled that with the HOME_NET variable but still am seeing all
sorts of IP addresses in ACID.

thanks
adam

-- 
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
        But let your communication be Yea, yea; nay, nay: for
        whatsoever is more than these cometh of evil.
                -- Matthew 5:37
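
The point made in the reply above, as an added example that is not part of the original thread: a short Python script that reads Snort rule headers and groups SIDs by whether the rule's destination is HOME_NET. The sample rules, their SIDs and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Snort rule header layout:
#   action proto src_ip src_port direction dst_ip dst_port (options)
HEADER = re.compile(
    r'^\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<src>\S+)\s+\S+\s+'
    r'(?P<dir>->|<>)\s+(?P<dst>\S+)\s+\S+\s*\((?P<opts>.*)\)\s*$'
)
SID = re.compile(r'\bsid\s*:\s*(\d+)')

# Constructed sample rules (not taken from any real rule set).
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed inbound rule"; sid:1000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET 6667 (msg:"constructed outbound rule"; sid:1000002; rev:1;)
alert udp $HOME_NET any <> $EXTERNAL_NET 53 (msg:"constructed two-way rule"; sid:1000003; rev:1;)
alert icmp any any -> any any (msg:"constructed unconstrained rule"; sid:1000004; rev:1;)
# alert tcp $EXTERNAL_NET any -> $HOME_NET 22 (msg:"disabled rule"; sid:1000005; rev:1;)
'''

def classify(rule, home="$HOME_NET"):
    """Return (sid, verdict) for one rule line, or None for comments/blank lines."""
    m = HEADER.match(rule)
    if not m:
        return None
    sid = SID.search(m["opts"])
    sid = int(sid.group(1)) if sid else None
    if m["dir"] == "<>":
        verdict = "either-direction"     # alert destination may be on either side
    elif m["dst"] == home:
        verdict = "dst-in-home"          # destination is always inside HOME_NET
    elif m["src"] == home:
        verdict = "dst-may-be-outside"   # HOME_NET -> EXTERNAL_NET style rule
    else:
        verdict = "not-tied-to-home"     # e.g. any -> any
    return sid, verdict

def group_by_direction(rules_text):
    """Map each verdict to the list of SIDs whose header matches it."""
    groups = defaultdict(list)
    for line in rules_text.splitlines():
        result = classify(line)
        if result:
            groups[result[1]].append(result[0])
    return dict(groups)

if __name__ == "__main__":
    for verdict, sids in group_by_direction(SAMPLE_RULES).items():
        print(f"{verdict:20} {sids}")
```

Run against your own rule files, the SIDs outside the `dst-in-home` group are the ones that can log destination addresses beyond HOME_NET without any BPF filter being involved.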

