Snort mailing list archives

Re: Configuration issue

From: Brian <bmc () snort org>
Date: Sun, 23 Sep 2001 13:51:15 -0400

Let me just make this one comment...

According to DJDave Sobel:

var HOME_NET
[209.190.196.160/28,209.190.206.65/32,209.190.206.66/32,209.190.206.64/3
2,10.1.0.0/24,10.2.0.0/24]

var EXTERNAL_NET !$HOME_NET
var SMTP $HOME_NET
var SMTP_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
#var DNS_SERVERS [209.190.196.163/32,209.190.196.174/32]
var DNS_SERVERS $HOME_NET
preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor portscan-ignorehosts: $DNS_SERVERS


You set DNS_SERVERS to HOME_NET and then ignore HOME_NET in your
portscan-ignorehosts.  Why bother running the portscan preprocessor if
you are not going to watch for portscnas?

-brian

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Configuration issue DJDave Sobel (Sep 22)
- Re: Configuration issue John Sage (Sep 22)
- Re: Configuration issue Brian (Sep 23)
  - Configuration issue, Part II DJDave Sobel (Sep 23)
    - Re: Configuration issue, Part II Erek Adams (Sep 23)
    - RE: Configuration issue, Part II DJDave Sobel (Sep 24)
    - Re: Configuration issue, Part II Chris Keladis (Sep 24)
    - -i switch Matthew Francis (Sep 24)
    - Re: Configuration issue, Part II Chris Keladis (Sep 24)
    - Re: Configuration issue, Part II Erek Adams (Sep 24)
    - RE: Configuration issue, Part II DJDave Sobel (Sep 24)
    - RE: Configuration issue, Part II DJDave Sobel (Sep 24)
    - RE: Configuration issue, Part II Erek Adams (Sep 24)

(Thread continues...)