Snort mailing list archives
Home nets and pruning my alerts
From: ccidsh-snort.org () swarfega net
Date: 15 Oct 2003 18:14:09 -0000
Hi. I've got Snort up and running, but instead of detecting inbound scans, I want to detect only outbound scans caused by the Nachi virus. My home net is [x.y.208.0/27,x.y.224.0/27], but I suspect that I need to set my home net to any and other networks to the above in order to be "protecting" the world from outbound scans. That does seem to work, and the only outbound scans I see are in the above address range, while before I was getting alerts from x.y.251 and friends. However, I am getting loads of alerts about Nachi infections on x.somewhere_else.0.0/16 and I'd like to restrict the alerts only to my network hosts. Is there an easy way to do this in the snort.conf file? Thanks, Iain Hallam. ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Home nets and pruning my alerts ccidsh-snort . org (Oct 15)