Snort mailing list archives
Re: snort.conf: HOME_NET value for AWS EC2 instance
From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Fri, 3 Feb 2017 17:21:15 +0000
Probably 172.31.39.0/24 (or that hosts specific IP if its the only machine you are worried about). Albert Lewis ENGINEER.SOFTWARE ENGINEERING SOURCEfire, Inc. now part of Cisco Email: allewi () cisco com<mailto:allewi () cisco com> From: Paul Li <paul () scybersecurity com<mailto:paul () scybersecurity com>> Date: Friday, February 3, 2017 at 12:01 PM To: allewi <allewi () cisco com<mailto:allewi () cisco com>> Cc: 'snort-users' <snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>> Subject: Re: [Snort-users] snort.conf: HOME_NET value for AWS EC2 instance Thanks Al. My EC2 instance internal IP is inet addr:172.31.39.xxx. Should I in the case use 172.31.0.1/12<http://172.31.0.1/12> as the HOME_NET? Thanks, Paul On Fri, Feb 3, 2017 at 11:38 AM, Al Lewis (allewi) <allewi () cisco com<mailto:allewi () cisco com>> wrote: Probably needs to be a 172.16.0.0/12<http://172.16.0.0/12> address since I think that’s the default for private VPC’s. But that it all depends on your addressing scheme and the resources you are trying to protect. Albert Lewis ENGINEER.SOFTWARE ENGINEERING SOURCEfire, Inc. now part of Cisco Email: allewi () cisco com<mailto:allewi () cisco com> From: Paul Li <paul () scybersecurity com<mailto:paul () scybersecurity com>> Date: Friday, February 3, 2017 at 10:01 AM To: 'snort-users' <snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>> Subject: [Snort-users] snort.conf: HOME_NET value for AWS EC2 instance For Snort deployed on an AWS EC2, what value should be for HOME_NET the snort.conf configuration? Thanks, Paul
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort.conf: HOME_NET value for AWS EC2 instance Paul Li (Feb 03)
- Re: snort.conf: HOME_NET value for AWS EC2 instance Al Lewis (allewi) (Feb 03)
- Re: snort.conf: HOME_NET value for AWS EC2 instance Paul Li (Feb 03)
- Re: snort.conf: HOME_NET value for AWS EC2 instance Al Lewis (allewi) (Feb 03)
- How to tune snort3.0 to handle 10Gbps traffic? Maxim (Feb 03)
- Re: snort.conf: HOME_NET value for AWS EC2 instance Paul Li (Feb 03)
- Re: snort.conf: HOME_NET value for AWS EC2 instance Al Lewis (allewi) (Feb 03)