Snort mailing list archives

RE: external net

From: Kevin Brown <Kevin.M.Brown () asu edu>
Date: Fri, 10 Aug 2001 08:24:54 -0700

EXTERNAL_NET = !$HOME_NET

-----Original Message-----
From: Birkir Björnsson [mailto:Birkir.Bjornsson () islandssimi is]
Sent: Friday, August 10, 2001 08:21
To: snort-users () lists sourceforge net
Subject: [Snort-users] external net


I´ve my snort.conf  set with homenet  specified for three /24 
nets, the
external net is set to any.
And i´m getting these kind things in my log.

[**] [1:473:1] ICMP redirect net [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
08/10-15:17:10.455654 193.4.194.1 -> 193.4.194.25
ICMP TTL:30 TOS:0x0 ID:12657 IpLen:20 DgmLen:56
Type:5  Code:0  REDIRECT
[Xref => http://www.whitehats.com/info/IDS199]
[Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0265]


How do i exclude my home net from the external nets.?


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

external net Birkir Björnsson (Aug 10)
- Re: external net Pontus Joakimsson (Aug 10)
- external net Murphy (Aug 10)
- <Possible follow-ups>
- RE: external net Kevin Brown (Aug 10)