Snort mailing list archives
RE: external net
From: Kevin Brown <Kevin.M.Brown () asu edu>
Date: Fri, 10 Aug 2001 08:24:54 -0700
EXTERNAL_NET = !$HOME_NET
-----Original Message----- From: Birkir Björnsson [mailto:Birkir.Bjornsson () islandssimi is] Sent: Friday, August 10, 2001 08:21 To: snort-users () lists sourceforge net Subject: [Snort-users] external net I´ve my snort.conf set with homenet specified for three /24 nets, the external net is set to any. And i´m getting these kind things in my log. [**] [1:473:1] ICMP redirect net [**] [Classification: Potentially Bad Traffic] [Priority: 2] 08/10-15:17:10.455654 193.4.194.1 -> 193.4.194.25 ICMP TTL:30 TOS:0x0 ID:12657 IpLen:20 DgmLen:56 Type:5 Code:0 REDIRECT [Xref => http://www.whitehats.com/info/IDS199] [Xref => http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0265] How do i exclude my home net from the external nets.? _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- external net Birkir Björnsson (Aug 10)
- Re: external net Pontus Joakimsson (Aug 10)
- external net Murphy (Aug 10)
- <Possible follow-ups>
- RE: external net Kevin Brown (Aug 10)