RE: home_net question

["McCammon, Keith" <Keith.McCammon () eadvancemed com>]

There are two "home net" settings in Snort: 1) The $HOME_NET variable in
the config file, which is only a variable used within your .rules files,
and 2) the -h directive at the command-line, which essentially tells
Snort which network address(es) you are defending, causing Snort to
inspect and log traffic accordingly.

In certain cases and architectures, some users might not notice if these
variables are not set.  However, in most cases, you will notice if the
command-line directive is not set, because some attacks against your
network would be logged in directories named for the target address.

Cheers

Keith

-----Original Message-----
From: Basil Saragoza [mailto:snortlst () hotmail com]
Sent: Monday, March 11, 2002 6:42 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] home_net question


I try to figure out what is the meaning of home_net. FAQ says it is a
network that I'm defending.
Is that a logical definition (home_net) or does it make some practical
sense?
For example I can set home_net to:
1. address range of my lan
2. eth0_ADDRESS
3. address of my firewall only.
I actually tried all of them and didn't notice real difference...


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users