Snort mailing list archives

Re: trouble specifying more than one HOME_NET variable

From: James Lay <slave_tothe_box () yahoo com>
Date: Thu, 26 Jun 2003 10:02:50 -0600

On Thu, 26 Jun 2003 10:44:26 -0500
"Philip Davidson" <Philip () dpc-paris com> wrote:

Hello all,

I am trying to specify my $HOME_NET variable to be two separate internal
LANs.  
After making the below change, I tried to start snort back up and it would
not start.  After issuing a "/etc/init.d/snort start",  my startup script
tells me that it is up and running.
But then I issue a "ps -ef|grep snort" and there is no snort.
Any idears?

Here is a section of my conf:


var HOME_NET [192.168.1.0/24,192.168.5.0/24]

# Set up the external network addresses as well.
# A good start may be "any"

var EXTERNAL_NET !$HOME_NET

# Configure your server lists.  This allows snort to only look for attacks
# to systems that have a service up.  Why look for HTTP attacks if you are
# not running a web server?  This allows quick filtering based on IP
addresses
# These configurations MUST follow the same configuration scheme as defined
# above for $HOME_NET.

# List of DNS servers on your network
var DNS_SERVERS $HOME_NET

# List of SMTP servers on your network
var SMTP_SERVERS $HOME_NET

# List of web servers on your network
var HTTP_SERVERS $HOME_NET

# List of sql servers on your network
var SQL_SERVERS $HOME_NET

# List of telnet servers on your network
var TELNET_SERVERS $HOME_NET

# Configure your service ports.  This allows snort to look for attacks
# destined to a specific application only on the ports that application
# runs on.  For example, if you run a web server on port 8081, set your
# HTTP_PORTS variable like this:
#
# var HTTP_PORTS 8081
#
# Port lists must either be continuous [eg 80:8080], or a single port [eg
80].
# We will adding support for a real list of ports in the future.

# Ports you run web servers on
var HTTP_PORTS 80

# Ports you want to look for SHELLCODE on.
var SHELLCODE_PORTS !80

# Ports you do oracle attacks on
var ORACLE_PORTS 1521



Thanks in advance


Philip Davidson
DPC, Inc.
1015 Maurice Fields Dr.
Paris, TN 38242


David,

Run it in a console minus the -D switch so you can see what it dies on.

James


-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

trouble specifying more than one HOME_NET variable Philip Davidson (Jun 26)
- Re: trouble specifying more than one HOME_NET variable Erek Adams (Jun 26)
- Re: trouble specifying more than one HOME_NET variable James Lay (Jun 26)