Snort mailing list archives
Re: disable network in var HOME_NET
From: "Joel Esler" <eslerj () gmail com>
Date: Tue, 13 Jan 2009 08:37:35 -0500
Actually, IIRC, you can do a negative and a positive in the same variable, as of a couple versions ago. However, IIRC, the negative cidr has to be smaller than the bigger. Which, in your below example, it is. J On Tue, Jan 13, 2009 at 8:02 AM, Jack Pepper <pepperjack () afferentsecurity com> wrote:
Quoting Sascha Hintz <sascha.hintz () gmx net>:I would like to disable our VPN Network in HOME_NET. Because i dont want have attacker alerts from this network. Can you help me ?maybe. here is what you *cannot* do: use a negation in the HOME_NET var. Things like this will not work: var HOME_NET [10.3.0.0/16,!10.3.4.0/24] You cannot negate an address range that is a proper subset of an already defined address range. We've all tried it. It won't fly. you will have to do something like this to enumerate what *is* in home_net: var HOME_NET [10.3.1.0/24,10.3.2.0/24,10.3.3.0/24,10.3.5.0/24] jp -- Framework? I don't need no stinking framework! ---------------------------------------------------------------- @fferent Security Labs: Isolate/Insulate/Innovate http://www.afferentsecurity.com ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- disable network in var HOME_NET Sascha Hintz (Jan 12)
- Re: disable network in var HOME_NET Jack Pepper (Jan 13)
- Re: disable network in var HOME_NET Joel Esler (Jan 13)
- Re: disable network in var HOME_NET Nigel Houghton (Jan 13)
- Re: disable network in var HOME_NET Jack Pepper (Jan 13)