Snort mailing list archives

Re: SERVER ADDRESSES


From: Joel Esler <jesler () sourcefire com>
Date: Sun, 23 Oct 2011 09:02:14 -0400

If you define HOME_NET but not the rest, and leave them as default, then Snort will assume all the hosts in HOME_NET
are DNS servers (unless you are using adaptive profiling).

It's common to leave the configuration like that.  But it's more productive to define those hosts as well. 

Sent from my iPhone

On Oct 23, 2011, at 2:05 AM, "Pratik Kumawat" <pratik.kumawat () matrixcomsec com> wrote:

I have a question here... In case we write $HOME_NET in the variables
meant for DNS Server, HTTP Server, SMTP, SQL, TELNET, SNMP, etc., then
how does SNORT recognize the actual IP address of the respective
servers? I mean, if we have something like

# Setup the network addresses you are protecting
var HOME_NET 192.168.1.0/24

# Set up the external network addresses. Leave as "any" in most situations
var EXTERNAL_NET !$HOME_NET

# List of DNS servers on your network
var DNS_SERVERS $HOME_NET

# List of SMTP servers on your network
var SMTP_SERVERS $HOME_NET

# List of web servers on your network
var HTTP_SERVERS $HOME_NET

# List of sql servers on your network
var SQL_SERVERS $HOME_NET

# List of telnet servers on your network
var TELNET_SERVERS $HOME_NET

# List of ssh servers on your network
var SSH_SERVERS $HOME_NET

# List of ftp servers on your network
var FTP_SERVERS $HOME_NET

then how will SNORT get to know which one is our DNS Server and so on?

Please someone reply asap...
Thanks



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
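
The variable substitution discussed in this thread, as an added example that is not part of the original messages and is not Snort's own parser: a simplified resolver showing which *_SERVERS variables cover a given host when they are left as $HOME_NET versus set explicitly. The server addresses in TUNED_CONF are constructed assumptions, nested lists are not handled, and adaptive profiling is not modelled.

```python
import ipaddress

# Constructed sample configs; server addresses are illustrative assumptions.
DEFAULT_CONF = """
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
var DNS_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
"""
TUNED_CONF = """
var HOME_NET 192.168.1.0/24
var EXTERNAL_NET !$HOME_NET
var DNS_SERVERS 192.168.1.10
var HTTP_SERVERS [192.168.1.20,192.168.1.21]
"""

def parse_vars(conf):
    """Collect 'var NAME value' / 'ipvar NAME value' lines into a dict."""
    table = {}
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split(None, 2)
        if len(parts) == 3 and parts[0] in ("var", "ipvar"):
            table[parts[1]] = parts[2].strip()
    return table

def matches(ip, value, table):
    """True if ip is covered by value: $VAR, !negation, flat [a,b] list, any, IP/CIDR."""
    value = value.strip()
    if value.startswith("!"):
        return not matches(ip, value[1:], table)
    if value.startswith("[") and value.endswith("]"):
        items = [v.strip() for v in value[1:-1].split(",")]
        pos = [v for v in items if not v.startswith("!")]
        neg = [v[1:] for v in items if v.startswith("!")]
        included = any(matches(ip, v, table) for v in pos) if pos else True
        return included and not any(matches(ip, v, table) for v in neg)
    if value.startswith("$"):
        return matches(ip, table[value[1:]], table)
    if value == "any":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(value, strict=False)

def roles(ip, conf):
    """Names of the *_SERVERS variables whose value covers ip."""
    table = parse_vars(conf)
    return sorted(n for n, v in table.items()
                  if n.endswith("_SERVERS") and matches(ip, v, table))
```

With DEFAULT_CONF every host in 192.168.1.0/24 is covered by every *_SERVERS variable, so rules written against $DNS_SERVERS or $HTTP_SERVERS apply to all of them; with TUNED_CONF only the listed hosts are.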

