Snort mailing list archives
Re: SERVER ADDRESSES
From: Joel Esler <jesler () sourcefire com>
Date: Sun, 23 Oct 2011 09:02:14 -0400
If you define HOME_NET but not the rest, and leave them as default, then Snort will assume all the hosts in HOME_NET are DNS servers. (unless you are using adaptive profiling) It's common to leave the configuration like that. But it's more productive to define those hosts as well. Sent from my iPhone On Oct 23, 2011, at 2:05 AM, "Pratik Kumawat" <pratik.kumawat () matrixcomsec com> wrote:
I have a question here... In case, we write $HOME_NET in the variables meant for DNS Server, HTTP Server, SMTP, SQL, TELNET, SNMP, etc, then how does SNORT recognize the actual IP address of the respective servers?? I mean if v have something like # Setup the network addresses you are protecting var HOME_NET 192.168.1.0/24 # Set up the external network addresses. Leave as "any" in most situations var EXTERNAL_NET !$HOME_NET # List of DNS servers on your network var DNS_SERVERS $HOME_NET # List of SMTP servers on your network var SMTP_SERVERS $HOME_NET # List of web servers on your network var HTTP_SERVERS $HOME_NET # List of sql servers on your network var SQL_SERVERS $HOME_NET # List of telnet servers on your network var TELNET_SERVERS $HOME_NET # List of ssh servers on your network var SSH_SERVERS $HOME_NET # List of ftp servers on your network var FTP_SERVERS $HOME_NET then how will SNORT get to know which one is our DNS Server and so on??? Please someone reply asap... Thanks ------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- SERVER ADDRESSES Pratik Kumawat (Oct 22)
- Re: SERVER ADDRESSES Joel Esler (Oct 23)