Snort mailing list archives

Previous By Date Next
Previous By Thread Next

HOME_NET and EXTERNAL_NET snort.conf

From: "Allan Dover" <allan () redwoods ca>
Date: Wed, 9 Apr 2003 11:54:57 -0400
Hello Everyone !

In my config I have Snort 2.0.rc3 --with mysql and ACID 0.9.6.b23
RH 8.0 Patched as Bridged Firewall ETH0 and ETH1 Comprise of bridge BRIDGE
snort.conf has been configured as so:
HOME_NET is my LAN 192.168.0.0/26 would give me 192.168.0.1 - 192.168.0.62
EXTERNAL_NET is WAN 192.168.254.14 (Router's Address)  Correct ?
var DNS 192.168.0.5
var HTTP etc...

###          ##########    #####     #####        --DNS 192.168.0.5
DSL         ETH0-ETH1    Router    Clients        --WEB 192.168.0.30
###          ##########    #####     #####        --DNS 192.168.0.30

I used to use snort without filling in the var dns, http and network
portions.  I was seeing DNS Zone transfers and so on.  Now I dont see the
dns zone transfers, and want to make sure that is what is supposed to
happen.
I also set up a firewall to filter out some of the nasty stuff which I dont
this is workinmg 100% the way I wanted, but I digress.  My ultimate goal is
to block my users from surfing porn at work, and limit P2P programs.
So far Guardian seems best for this from my reading, I have also been told
about snortsam.  ( do I need Flex Resp ? )

Plus my understanding of setting up the HOME_NET and EXTERNAL_NET are
sketchy.  I have read the FAQ and Snort Docs.

Any Insight on this would be greatly appreciated.


Allan Dover

###################################################
This e-mail communication (including any or all attachments) is intended
only for the use of the person(s) or entity to which it is addressed and may
contain confidential and/or privileged material. If you are not the intended
recipient of this e-mail, any use, review, retransmission, distribution,
dissemination, copying, printing, or other use of, or taking of any action
in reliance upon this e-mail, is strictly prohibited. If you have received
this e-mail in error, please contact the sender and delete the original and
any copy of this e-mail and any  printout thereof, immediately. Your
co-operation is appreciated.




-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: