Snort mailing list archives
RE: More on home_net and external_net
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 14 Aug 2001 08:24:59 -0700 (PDT)
On Tue, 14 Aug 2001, Gisli Helgason wrote:
Sorry bur I was not wery clear on what I wanted.
Hey, I hadn't had my coffee either!
I want to see attacks originating on external and home with a destination of home.
then: var $HOME_NET any
I do not want to see attacks originating in home and with a destination of external.
Ugh... To my limted knowledge, this isn't something you can do. Most of the rules use "$HOME_NET" to choose the rules. You can dig thru the rules and find all of the $HOME_NET -> $EXTERNAL_NET rules and comment them out. That's the only way I can think of at the moment. Anyone else got other methods?
I already have the configuration you gave me but I am missing all attacks from home to home.
It's not a simple one.... Good luck! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- More on home_net and external_net Gisli Helgason (Aug 14)
- Re: More on home_net and external_net Erek Adams (Aug 14)
- <Possible follow-ups>
- RE: More on home_net and external_net Gisli Helgason (Aug 14)
- RE: More on home_net and external_net Erek Adams (Aug 14)
- RE: More on home_net and external_net Kris Quinby (Aug 14)