Snort mailing list archives
Re: Snort setup help
From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 01 Sep 2004 11:57:03 -0400
At 09:14 AM 9/1/2004, Darren Reeves wrote:
I have added all subnets to the HOME_NET but what should i set for EXTERNAL_NET. I would like to be able to catch suspicous traffic entering and leaving our network without having an insane amount of alerts.
Use this to only look at attacks from the outside targeting your network, but ignore attacks between two machines in HOME_NET.
var EXTERNAL_NET !$HOME_NETyou can also switch to "any" if you want to monitor for attacks within your lan, but this can be noisy.
var EXTERNAL_NET any ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort setup help Darren Reeves (Sep 01)
- Re: Snort setup help Matt Kettler (Sep 01)