Snort mailing list archives
HOME_NET and EXTERNAL_NET snort.conf
From: "Allan Dover" <allan () redwoods ca>
Date: Wed, 9 Apr 2003 11:54:57 -0400
Hello Everyone ! In my config I have Snort 2.0.rc3 --with mysql and ACID 0.9.6.b23 RH 8.0 Patched as Bridged Firewall ETH0 and ETH1 Comprise of bridge BRIDGE snort.conf has been configured as so: HOME_NET is my LAN 192.168.0.0/26 would give me 192.168.0.1 - 192.168.0.62 EXTERNAL_NET is WAN 192.168.254.14 (Router's Address) Correct ? var DNS 192.168.0.5 var HTTP etc... ### ########## ##### ##### --DNS 192.168.0.5 DSL ETH0-ETH1 Router Clients --WEB 192.168.0.30 ### ########## ##### ##### --DNS 192.168.0.30 I used to use snort without filling in the var dns, http and network portions. I was seeing DNS Zone transfers and so on. Now I dont see the dns zone transfers, and want to make sure that is what is supposed to happen. I also set up a firewall to filter out some of the nasty stuff which I dont this is workinmg 100% the way I wanted, but I digress. My ultimate goal is to block my users from surfing porn at work, and limit P2P programs. So far Guardian seems best for this from my reading, I have also been told about snortsam. ( do I need Flex Resp ? ) Plus my understanding of setting up the HOME_NET and EXTERNAL_NET are sketchy. I have read the FAQ and Snort Docs. Any Insight on this would be greatly appreciated. Allan Dover ################################################### This e-mail communication (including any or all attachments) is intended only for the use of the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. If you are not the intended recipient of this e-mail, any use, review, retransmission, distribution, dissemination, copying, printing, or other use of, or taking of any action in reliance upon this e-mail, is strictly prohibited. If you have received this e-mail in error, please contact the sender and delete the original and any copy of this e-mail and any printout thereof, immediately. Your co-operation is appreciated. ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HOME_NET and EXTERNAL_NET snort.conf Allan Dover (Apr 09)