Re: HOME_NET and EXTERNAL_NET variables

[Tim Kramer <kramert () mlrnoc navy mil>]

I'm a total newbie at this also but, in reading the docs, would
take a wild guess and suggest putting your networks in brackets
such as [192.168.2.0/24,10.0.0.0/3,172.9.3.0/8] when defining
$HOME_NET.  You can then use the variable in your rules as in

alert tcp any any -> $HOME_NET 25 (.........

when watching for mail coming into you networks.  

- Tim



On Thu, 2001-11-01 at 13:59, Merrick, Gary wrote:
> Yes, this is a total newbie question, but I figured this is the right
> place to ask it.  What is the purpose of the HOME_NET and EXTERNAL_NET
> variables that are defined in snort.conf?  Does it change the formatting
> of the alerts?  Or perhaps turn off the scanning of packets originating
> from an internal network?  Or something else?
>
> I would imagine this would be a fairly straightforward process to define
> them if one had an extremely simple network architecture.  But my
> ultimate aim is to be able to monitor 3 or 4 networks.  In such a case,
> what is considered "home" and what is "external"?
>
> Any guidance would be much appreciated.
>
> Gary
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users