Snort mailing list archives

Re: disable network in var HOME_NET


From: Jack Pepper <pepperjack () afferentsecurity com>
Date: Tue, 13 Jan 2009 07:02:28 -0600

Quoting Sascha Hintz <sascha.hintz () gmx net>:

> I would like to disable our VPN network in HOME_NET, because I don't
> want to have attacker alerts from this network.
>
> Can you help me?

Maybe. Here is what you *cannot* do: use a negation in the HOME_NET
var. Things like this will not work:
   var HOME_NET [10.3.0.0/16,!10.3.4.0/24]
You cannot negate an address range that is a proper subset of an  
already defined address range.  We've all tried it.  It won't fly.

You will have to do something like this to enumerate what *is* in HOME_NET:

   var HOME_NET [10.3.1.0/24,10.3.2.0/24,10.3.3.0/24,10.3.5.0/24]

jp


-- 

Framework?  I don't need no stinking framework!

----------------------------------------------------------------
@fferent Security Labs:  Isolate/Insulate/Innovate  
http://www.afferentsecurity.com


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
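
Added example, not part of the original message: the reply enumerates HOME_NET by hand, and this Python code computes the full set of CIDR blocks that cover a parent range minus the excluded subnets, then prints the resulting `var` line. It goes beyond the four /24s listed in the reply by covering the whole remainder of the /16; the function names are hypothetical, the addresses are the ones used in the message, and IPv4 is assumed.

```python
import ipaddress


def home_net_without(parent, excluded):
    """Return the CIDR blocks covering `parent` minus every block in `excluded`."""
    remaining = [ipaddress.ip_network(parent)]
    for ex in map(ipaddress.ip_network, excluded):
        kept = []
        for net in remaining:
            if net.subnet_of(ex):
                # This block is entirely inside the excluded range: drop it.
                continue
            if ex.subnet_of(net):
                # Excluded range sits inside this block: split around it.
                kept.extend(net.address_exclude(ex))
            else:
                # No overlap: keep the block unchanged.
                kept.append(net)
        remaining = kept
    # Merge adjacent blocks where possible and return them in address order.
    return sorted(ipaddress.collapse_addresses(remaining))


def snort_var(name, networks):
    """Format a network list as a Snort variable definition without negation."""
    return "var %s [%s]" % (name, ",".join(str(n) for n in networks))


if __name__ == "__main__":
    # Values taken from the message: the /16 and the subnet it tried to negate.
    nets = home_net_without("10.3.0.0/16", ["10.3.4.0/24"])
    print(snort_var("HOME_NET", nets))
```

Any sensor whose rules or preprocessors key on HOME_NET will then treat the excluded subnet as outside the protected range, so it is worth checking the generated list against the address plan before deploying it.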