Upgraded to 2.8.6 and external network addresses

["James R. Marcus" <jmarcus () edhance com>]

Hi,
Pretty new to Snort. I upgraded to 2.8.6 today and I'm running on Cent OS 5.3 64-bit. In reality I didn't upgrade, I 
removed (not uninstalled) all the Snort binaries from my system and then installed an RPM of 2.8.6. I copied a fair 
amount of my configuration from the snort.conf of my earlier version.  I specified my Web servers, telnet servers 
(phone system), etc in the configuration.  Then I came to the EXTERNAL_NET variable and looked at the IPs assigned to 
my routers. I added the the CIDR nets we were assigned.  So now I'm getting a lot fewer alerts, is that because of the 
additonal detail I provided for network services and external networks?

I know it says a good start may be "any" but is that because some people don't know their external CIDR net?


There aren't my real IPs:


# Set up the external network addresses.  A good start may be "any"
var EXTERNAL_NET [67.89.243.208/28,64.112.133.96/27,66.47.194.100/30]



Thanks,
James
------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users