Snort mailing list archives

Home nets and pruning my alerts


From: ccidsh-snort.org () swarfega net
Date: 15 Oct 2003 18:14:09 -0000


Hi.

I've got Snort up and running, but instead of detecting inbound scans, I want to detect only outbound scans caused by 
the Nachi virus. My home net is [x.y.208.0/27,x.y.224.0/27], but I suspect that I need to set my home net to any and 
other networks to the above in order to be "protecting" the world from outbound scans.

That does seem to work, and the only outbound scans I see are in the above address range, while before I was getting 
alerts from x.y.251 and friends. However, I am getting loads of alerts about Nachi infections on 
x.somewhere_else.0.0/16 and I'd like to restrict the alerts only to my network hosts. Is there an easy way to do this 
in the snort.conf file?

Thanks,

Iain Hallam.



