Re: Does setting HOME_NET have any effect in Stealth mode?

[Rob Ward <rob.ward () liverpool ac uk>]

Hi Michael,

--On 02 November 2004 23:02 +0800 Michael Boman <michael.boman () gmail com> 
wrote:

> On Tue, 02 Nov 2004 13:05:26 +0000, Rob Ward <rob.ward () liverpool ac uk>
> wrote:
> > When I set "HOME_NET" to anything other than 'any' I no longer see any
> > DOS or DDOS alerts but P2P alerts are still output. I've tried following
> > the configuration examples in the FAQ's etc and can't get it to work. I'm
> > wondering if HOME_NET has any relevance when running snort in 'stealth'
> > or am I wide of the mark?
>
> HOME_NET is used to define the network you are interesting to monitor,
> and your snort box being in stealth mode or not has nothing to do with
> it.

That's what I find strange - when I set HOME_NET to the network I want to 
monitor the DOS alerts are no longer output?

> > Also - can snort cope with variable length subnet masks?
>
> Please explain what you mean.

For example:

var HOME_NET [138.253.82.0/23 , 138.253.160.0/22]

> Best regards
>  Michael Boman

Thanks and Regards

Rob Ward
Network Northwest Support
University of Liverpool
Computing Services Department

Tel: 0151 794 4449
Fax: 0151 794 4442
Mob: 07970 247 326


-------------------------------------------------------
This SF.Net email is sponsored by:
Sybase ASE Linux Express Edition - download now for FREE
LinuxWorld Reader's Choice Award Winner for best database on Linux.
http://ads.osdn.com/?ad_id=5588&alloc_id=12065&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users