Snort mailing list archives

RE: home_net and ext_net question


From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Wed, 23 Apr 2003 17:11:06 -0400

Having HOME_NET encapsulate two or more networks can do funny things to the
Snort rules when one simply negates EXTERNAL_NET (i.e., var EXTERNAL_NET
!$HOME_NET, or some variant).  

So, to avoid unwanted alerts/logs, you're probably going to have to modify
your rules to be more specific than EXTERNAL_NET -> HOME_NET.  

- Christopher


-----Original Message-----
From: Mike Zupan [mailto:mzupan () meso com]
Sent: Wednesday, April 23, 2003 4:19 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] home_net and ext_net question


Right now here are my two vars.

var HOME_NET [66.93.31.0/24,129.4.26.0/24]
var EXTERNAL_NET [66.93.31.0/24,129.4.26.0/24] (I have also tried just any)


This is an example of what I want to stop snort from logging.

snmp connections from 66.93.31.10 -> 66.93.31.1

I also get cgi-redirect snort logs from desktops in the 66 class C range.
Is there a way to stop logging when connecting to other internal servers?

Mike




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
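
Added example (not part of either poster's message or of Snort itself): a small Python model of whether a `$EXTERNAL_NET any -> $HOME_NET any` rule header matches a packet under the three EXTERNAL_NET settings mentioned in the thread. It assumes idealized set semantics for a negated address list, which a given Snort version may not follow exactly; the function names are hypothetical and 192.0.2.7 is a constructed external address.

```python
import ipaddress

# HOME_NET value as posted in the thread.
HOME_NET = "[66.93.31.0/24,129.4.26.0/24]"


def parse_var(value, variables):
    """Parse a Snort-style address value into (negated, networks).

    networks is None for 'any'. Idealized model, not Snort's own parser.
    """
    value = value.strip()
    negated = value.startswith("!")
    if negated:
        value = value[1:].strip()
    if value.startswith("$"):
        # Variable reference: resolve it and combine the negations.
        inner_negated, nets = parse_var(variables[value[1:]], variables)
        return (negated != inner_negated, nets)
    if value == "any":
        return (negated, None)
    items = value.strip("[]").split(",")
    return (negated, [ipaddress.ip_network(i.strip()) for i in items])


def addr_matches(ip, spec):
    """True if ip satisfies the (negated, networks) specification."""
    negated, nets = spec
    hit = True if nets is None else any(ipaddress.ip_address(ip) in n for n in nets)
    return hit != negated


def header_matches(src, dst, external_net, home_net=HOME_NET):
    """Would '$EXTERNAL_NET any -> $HOME_NET any' match src -> dst?"""
    variables = {"HOME_NET": home_net}
    return (addr_matches(src, parse_var(external_net, variables))
            and addr_matches(dst, parse_var(home_net, variables)))


if __name__ == "__main__":
    # Internal flow from the question, plus one constructed external source.
    flows = [("66.93.31.10", "66.93.31.1"), ("192.0.2.7", "66.93.31.1")]
    for ext in (HOME_NET, "any", "!$HOME_NET"):
        for src, dst in flows:
            print(f"EXTERNAL_NET={ext:32} {src} -> {dst}: "
                  f"{'match' if header_matches(src, dst, ext) else 'no match'}")
```

Under this model the internal SNMP flow from the question matches whenever EXTERNAL_NET overlaps HOME_NET (the same list, or any), and stops matching only when EXTERNAL_NET excludes both home networks.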

