Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Home_Net woes

From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 18 Sep 2002 13:13:55 -0700 (PDT)
On Wed, 18 Sep 2002, Jim Overholser wrote:


I'm in the thick of configuring a snort box.  I'm getting all of my local
traffic, even though I think I have the HOME_NET variable set properly.

Var HOME_NET [132.147.160.0/24,10.100.1.0/24]

Is this incorrect?  Two subnets.


Yes.

I honestly thing you have your EXTERNAL_NET set incorrectly.  IMHO, the best
setting for it is:

        var EXTERNAL_NET !$HOME_NET

That will ignore all traffic coming from your HOME_NET in the rules.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



-------------------------------------------------------
This SF.NET email is sponsored by: AMD - Your access to the experts
on Hammer Technology! Open Source & Linux Developers, register now
for the AMD Developer Symposium. Code: EX8664
http://www.developwithamd.com/developerlab
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: