Snort mailing list archives

Previous By Date Next
Previous By Thread Next

AW: external_net and home_net questions

From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Mon, 3 Jun 2002 07:47:44 +0200
From snort.conf:


# or use global variable $<interfacename>_ADDRESS
# which will be always initialized to IP address and
# netmask of the network interface which you run
# snort at.
#
# var HOME_NET $eth0_ADDRESS

This should expand to 192.168.1.0/24 if eth0 has ip 192.168.1.1 e.g.

Using
var EXTERNAL_NET !$HOME_NET
in the example above means "EXTERNAL_NET is everything not in the range of
192.168.1.0/24", so if your alerts generated when using EXTERNAL_NET any are
in that range you won't get any alert when EXTERNAL_NET is defined as
!$HOME_NET.

HTH,
Sandro


I've read somewhere in the archives that this is allowed:

var HOME_NET $eth0_ADDRESS
var EXTERNAL_NET !$HOME_NET

Is it?  If so, it is not working for me.  I have define 
EXTERNAL_NET as
ANY in order to get logs/alerts.  Any idea why?  Or is it not 
suppose to
work this way?

TIA,
-Lup


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



_______________________________________________________________

Don't miss the 2002 Sprint PCS Application Developer's Conference
August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: