Snort mailing list archives

Re: question on obfuscating addresses


From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 27 Jan 2003 17:49:25 -0500

The -O flag doesn't use the HOME_NET variable from snort.conf; it uses the home_net specified by the -h option on the command line to snort.

The two are different things, and changing one does not override the other.

-h - home_net as far as logging, etc. sees things. Useful with -O and also if you're using text-mode packet dumps, as it forces the directory names to be those of "foreign" IPs whenever possible, regardless of dest/src.

var HOME_NET is used in snort.conf and changes what IPs the rules look at, etc.

The snort code itself is in general not aware of what var HOME_NET is set to.



At 05:00 PM 1/27/2003 -0500, James R. Hendrick wrote:
Hi,
        I recently tried to use snort to process binary logs and obfuscate
the non HOME_NET addresses, generating "cleaned" binary logs. It doesn't
look like this is possible. It appears that no matter what the "HOME_NET"
was defined to be, that the "-O" flag simply causes all addresses to be
translated to xxx.xxx.xxx.xxx


