Re: Issue related to Blacklists

[Joel Esler <jesler () sourcefire com>]

Did you try and do it the way I told you first, let's do the
troubleshooting before we start trying to solve a problem.

On Wed, Oct 16, 2013 at 7:08 AM, Anshuman Anil Deshmukh
<anshuman () cybage com> wrote:
> Hi Joel,
>
>
>
> Is it fine if I if put “ipvar HOME_NET” for each line; as there is a reason
> for it. Basically it would help to audit the list of VLAN’s effectively and
> also appear in readable format. At times we have new VLAN’s created/removed
> frequently and hence don’t want accidently to miss any VLAN which I feel may
> happen if all appear in one line.
>
>
>
>
>
> Thanks and Regards,
>
> Anshuman
>
>
>
> From: Joel Esler [mailto:jesler () sourcefire com]
> Sent: Tuesday, October 15, 2013 7:34 PM
> To: Anshuman Anil Deshmukh
> Cc: Snort Users
> Subject: Re: [Snort-users] Issue related to Blacklists
>
>
>
> On Oct 15, 2013, at 1:14 AM, Anshuman Anil Deshmukh <anshuman () cybage com>
> wrote:
>
>
>
> ipvar HOME_NET [172.27.3.0/24,\
>
> 172.27.6.0/24,\
>
> 172.27.7.0/24,\
>
> 172.27.8.0/24,\
>
>
>
> Try putting your HOME_NET all in one line instead of trying to do line
> continuation.
>
>
>
> --
> Joel Esler
> AEGIS Intelligence Lead
> OpenSource Community Manager
> Vulnerability Research Team, Sourcefire
>
>
> "Legal Disclaimer: This electronic message and all contents contain
> information from Cybage Software Private Limited which may be privileged,
> confidential, or otherwise protected from disclosure. The information is
> intended to be for the addressee(s) only. If you are not an addressee, any
> disclosure, copy, distribution, or use of the contents of this message is
> strictly prohibited. If you have received this electronic message in error
> please notify the sender by reply e-mail to and destroy the original message
> and all copies. Cybage has taken every reasonable precaution to minimize the
> risk of malicious content in the mail, but is not liable for any damage you
> may sustain as a result of any malicious content in this e-mail. You should
> carry out your own malicious content checks before opening the e-mail or
> attachment." www.cybage.com



-- 
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!