Snort mailing list archives
Re: disable network in var HOME_NET
From: Jack Pepper <pepperjack () afferentsecurity com>
Date: Tue, 13 Jan 2009 07:02:28 -0600
Quoting Sascha Hintz <sascha.hintz () gmx net>:
I would like to disable our VPN network in HOME_NET, because I don't want to have attacker alerts from this network. Can you help me?
Maybe. Here is what you *cannot* do: use a negation in the HOME_NET var. Things like this will not work:

    var HOME_NET [10.3.0.0/16,!10.3.4.0/24]

You cannot negate an address range that is a proper subset of an already defined address range. We've all tried it. It won't fly.

You will have to do something like this to enumerate what *is* in home_net:

    var HOME_NET [10.3.1.0/24,10.3.2.0/24,10.3.3.0/24,10.3.5.0/24]

jp

--
Framework? I don't need no stinking framework!
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
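The enumeration suggested in the reply above can be computed rather than typed by hand. This is an added example, not part of the original post or of Snort; the function names enumerate_home_net and snort_var are hypothetical, and it goes beyond the reply by covering the whole 10.3.0.0/16 minus the excluded range, not only the subnets that happen to be in use.

```python
import ipaddress


def enumerate_home_net(include, exclude):
    """Return the CIDR blocks that cover `include` minus `exclude`.

    Assumes all networks belong to one address family (all IPv4 or all IPv6).
    """
    nets = [ipaddress.ip_network(n) for n in include]
    for ex in (ipaddress.ip_network(e) for e in exclude):
        remaining = []
        for net in nets:
            if not ex.overlaps(net):
                # Untouched by this exclusion: keep as-is.
                remaining.append(net)
            elif ex.subnet_of(net):
                # Exclusion sits inside this block: split the block around it.
                # address_exclude() yields nothing when ex == net.
                remaining.extend(net.address_exclude(ex))
            # Otherwise the block lies wholly inside the exclusion: drop it.
        nets = remaining
    # Merge adjacent blocks and return them in address order.
    return list(ipaddress.collapse_addresses(nets))


def snort_var(name, networks):
    """Format a network list using the `var NAME [a,b,...]` syntax from the post."""
    return "var {} [{}]".format(name, ",".join(str(n) for n in networks))


if __name__ == "__main__":
    # Ranges taken from the reply: the /16 with the VPN /24 removed.
    blocks = enumerate_home_net(["10.3.0.0/16"], ["10.3.4.0/24"])
    print(snort_var("HOME_NET", blocks))
```

The printed line contains no negation, so it can be pasted into the configuration in place of the form that does not work.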
Current thread:
- disable network in var HOME_NET Sascha Hintz (Jan 12)
- Re: disable network in var HOME_NET Jack Pepper (Jan 13)
- Re: disable network in var HOME_NET Joel Esler (Jan 13)
- Re: disable network in var HOME_NET Nigel Houghton (Jan 13)
- Re: disable network in var HOME_NET Jack Pepper (Jan 13)