Snort mailing list archives

Re: Snort setup help

From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 01 Sep 2004 11:57:03 -0400

At 09:14 AM 9/1/2004, Darren Reeves wrote:

 I
have added all subnets to the HOME_NET but what should i set for
EXTERNAL_NET.  I would like to be able to catch suspicous traffic
entering and leaving our network without having an insane amount of
alerts.

Use this to only look at attacks from the outside targeting your network,but ignore attacks between two machines in HOME_NET.


var EXTERNAL_NET !$HOME_NET

you can also switch to "any" if you want to monitor for attacks within yourlan, but this can be noisy.


var EXTERNAL_NET any






-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort setup help Darren Reeves (Sep 01)
- Re: Snort setup help Matt Kettler (Sep 01)