Snort mailing list archives

Re: I need help with network address setup


From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 30 Jul 2002 06:47:37 -0700 (PDT)

On Tue, 30 Jul 2002, Steve Jacobsen wrote:

I'm just getting snort set up and have run some probes against my network
but it only sends alerts on the IP address of my snort machine. I am
using IDScenter 1.09 Beta2 to configure and run snort.

Under log settings I set home network to: xxx.xxx.xxx.78/32 (the IP
address of my snort machine) and I get some alerts.

Under the IDS rules I set the Network variables as follows:

Home_net       xxx.xxx.xxx.64/27 (I have the 64 to 95 range)
External_Net   any
Smtp           $home_net
Http_servers   $home_net
Sql_servers    $home_net
Dns_servers    $home_net

What am I doing wrong?

Steve,

        You've got your home network set wrong.  You have "xxx.xxx.xxx.78/32"
and it should be "xxx.xxx.xxx.64/27", if .64 is your network address.  You
might want to consider setting EXTERNAL_NET to '!$HOME_NET' so that the rules
look for things not on your home net instead of looking at everything.

        Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
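
Added example, not part of the original messages: a simplified Python model of how a rule header of the form `$EXTERNAL_NET any -> $HOME_NET any` matches traffic under the settings discussed above. The range 192.0.2.64/27 stands in for the masked xxx.xxx.xxx.64/27, and the packets and helper names are constructed for illustration.

```python
import ipaddress

def resolve(value, variables):
    """Turn an address value ('any', a CIDR, '$VAR' or '!<value>') into a predicate.
    Simplified model of Snort variable handling, not Snort's own code."""
    if value.startswith("!"):
        inner = resolve(value[1:], variables)
        return lambda ip: not inner(ip)
    if value.startswith("$"):
        return resolve(variables[value[1:]], variables)
    if value == "any":
        return lambda ip: True
    # strict parsing rejects a CIDR whose base is not the network address,
    # which is the "if .64 is your network address" caveat in the reply
    net = ipaddress.ip_network(value)
    return lambda ip: ipaddress.ip_address(ip) in net

def matching(variables, packets):
    """Packets that a header '$EXTERNAL_NET any -> $HOME_NET any' would inspect."""
    src_ok = resolve("$EXTERNAL_NET", variables)
    dst_ok = resolve("$HOME_NET", variables)
    return [(s, d) for s, d in packets if src_ok(s) and dst_ok(d)]

# Constructed (source, destination) pairs
PACKETS = [
    ("198.51.100.7", "192.0.2.78"),  # outside -> the Snort machine
    ("198.51.100.7", "192.0.2.70"),  # outside -> another host in the /27
    ("198.51.100.7", "192.0.2.95"),  # outside -> last address of the /27
    ("192.0.2.66", "192.0.2.70"),    # inside -> inside
    ("198.51.100.7", "192.0.2.96"),  # outside -> just past the /27
]

AS_POSTED = {"HOME_NET": "192.0.2.78/32", "EXTERNAL_NET": "any"}
WIDENED = {"HOME_NET": "192.0.2.64/27", "EXTERNAL_NET": "any"}
SUGGESTED = {"HOME_NET": "192.0.2.64/27", "EXTERNAL_NET": "!$HOME_NET"}

if __name__ == "__main__":
    for name, cfg in [("as posted", AS_POSTED), ("widened", WIDENED),
                      ("suggested", SUGGESTED)]:
        print(name, matching(cfg, PACKETS))
```

With the /32 only traffic addressed to the sensor itself is in scope; with the /27 the whole range is covered, and `!$HOME_NET` additionally drops the inside-to-inside packet from consideration.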


