Re: Home_Net, External_Net issue

[Josh Bitto <jbitto () onlineschool ca>]

Just udp....I think I have some insight.....When looking at the config Line 44 shows...
# Setup the network addresses you are protecting
ipvar HOME_NET [YOU_NEED_TO_SET_HOME_NET_IN_snort.conf]

We use pfsense so it modifies the config accordingly. I'm trying to find a way to change that line to ipvar HOME_NET Any

And not have it break anything within pfsense.

From: Joel Esler [mailto:jesler () sourcefire com]
Sent: Tuesday, May 21, 2013 12:47 PM
To: Josh Bitto
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Home_Net, External_Net issue

On May 21, 2013, at 1:58 PM, Josh Bitto <jbitto () onlineschool ca<mailto:jbitto () onlineschool ca>> wrote:


I'm wondering if this is a config issue or traffic setup issue. Currently my internal network the ONLY thing that ever 
shows up is portscans. I can't get anything else to be looked at. Is this due to a Home_net and External_net being 
setup wrong? My understanding is if I list Home_net to "any" then snort should monitor that traffic.

Is the traffic that you are alerting on only UDP or TCP too?

------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service 
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!