Snort mailing list archives
Re: Confused?
From: Ralf Spenneberg <lists () spenneberg org>
Date: Thu, 03 Nov 2005 10:56:32 +0100
Am Dienstag, den 01.11.2005, 08:32 -0800 schrieb John Friedman:
Here is my home var HOME_NET [10.1.10.0/24] I span the firewall port to the snort box monitoring port. I got a lot of traffic from other VLAN such as 10.1.14.0/24, 10.1.44.0/24...10.1.77.0/24... I feel a liittle bit confused why some alerts from 10.1.14.0/24 and not just from 10.1.10.0/24?
The HOME_NET variable usually is used to detect attacks directed at this network. Probably the attacks you see are directed at this network and just originate in the network you stated. Ralf -- Ralf Spenneberg OpenSource Training http://www.opensource-training.de Webereistr. 1 48565 Steinfurt Germany ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Confused? John Friedman (Nov 01)
- Re: Confused? Dino Dragovic (Nov 01)
- Re: Confused? Ralf Spenneberg (Nov 03)