Snort mailing list archives
Re: home_net/external_net problem
From: "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>
Date: Wed, 2 Sep 2009 12:59:57 -0600
It would be nice to be able to specify a range of addresses as well: 10.10.10.0-10.10.21.255, 10.10.23.0-10.10.31.255 for instance. That would solve my problem very easily. -----Original Message----- From: Jack Pepper [mailto:pepperjack () afferentsecurity com] Sent: Wednesday, September 02, 2009 11:29 AM To: snort-users () lists sourceforge net Subject: Re: [Snort-users] home_net/external_net problem This is a known issue: "external_net cannot be a proper subset of home_net and vice versa." It's not broke, it's just that when you get down into some of the more complex rules, you end up creating crazy logic anomalies when negating nested ranges. You could do it like this: Home_net [10.10.10.0/24,10.10.11.0/24 ... etc ] Or some variant of that idea. jp Quoting "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>:
Hi, I have a problem with defining my networks in snort.conf. My home net is 10.10.0.0/13, but I want to set 10.10.22.0/24 as external since it is a VPN assigned range. I can't figure out how to easily specify the ranges in home_net and external_net to do this. -- Shawn Jefferson
-- Framework? I don't need no stinking framework! ---------------------------------------------------------------- @fferent Security Labs: Isolate/Insulate/Innovate http://www.afferentsecurity.com ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- home_net/external_net problem Jefferson, Shawn (Sep 02)
- Re: home_net/external_net problem Jack Pepper (Sep 02)
- Re: home_net/external_net problem Joel Esler (Sep 02)
- Re: home_net/external_net problem Jefferson, Shawn (Sep 02)
- Re: home_net/external_net problem Jack Pepper (Sep 02)
- Re: home_net/external_net problem Jefferson, Shawn (Sep 02)
- Re: home_net/external_net problem Jack Pepper (Sep 02)
- Re: home_net/external_net problem Paul Schmehl (Sep 02)
- Re: home_net/external_net problem Jefferson, Shawn (Sep 02)