RE: snort.conf

["Esler, Joel - Contractor" <joel.esler () rcert-s army mil>]

Yeah.  What you said.  You said what I wanted to say.  <takes valium>

J

-----Original Message-----
From: Paul Schmehl [mailto:pauls () utdallas edu] 
Sent: Thursday, January 13, 2005 2:34 PM
To: Esler, Joel - Contractor; spiv007; Snort-users () lists sourceforge net
Subject: RE: [Snort-users] snort.conf


--On Thursday, January 13, 2005 10:36:00 AM -0500 "Esler, Joel - 
Contractor" <joel.esler () rcert-s army mil> wrote:

> IIRC, External_net set to any (if you have Home_net defined) is the 
> same as your statement below
Huh?  Are you certain?  Any should mean any IP at all, which would
include 
HOME_NET addresses.  This would mean, for example, an internal address 
"attacking" another internal address would trigger an alert configured
to 
alert from external to internal.

I don't think that's what most people want.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users