Snort mailing list archives

RE: HOME_NET Clarification

From: Ilango S Allikuzhi <IlangoAllikuzhi () dtcc com>
Date: Fri, 29 Oct 2004 15:07:37 -0400

I can not enter [10.0.0.0/8] as some subnets are to be considered external 
- for instance 10.40.2.0/24 is external
I would like to exclude these subnets.
Thanks,
Ilango




"Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
10/29/2004 02:45 PM

 
        To:     Ilango S Allikuzhi <IlangoAllikuzhi () dtcc com>, 
<snort-users () lists sourceforge net>
        cc: 
        Subject:        RE: [Snort-users] HOME_NET Clarification


Enter the ones you want to be internal (in your below example [10.0.0.0/8, 
192.168.1.0/24]  all others will be specified as External_net if you have 
External_net defined as any.
 
J
-----Original Message-----
From: snort-users-admin () lists sourceforge net 
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Ilango S Allikuzhi
Sent: Friday, October 22, 2004 12:25 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] HOME_NET Clarification


Is it possible to define HOME_NET as [!10.40.1.0/24, !10.40.2.0/24, 
10.0.0.0/8, 192.168.1.0/24]  for instance? 
In other words, we want all subnets under 10 except a few. 
Some public addresses get NAT'ed to 10.40.2.x addresses and hence I need 
to treat them as external net. 
Thanks, 
Ilango

Current thread:

HOME_NET Clarification Ilango S Allikuzhi (Oct 29)
- Message not available
  - Re: HOME_NET Clarification Matt Kettler (Oct 29)
- <Possible follow-ups>
- RE: HOME_NET Clarification Esler, Joel - Contractor (Oct 29)
- RE: HOME_NET Clarification Ilango S Allikuzhi (Nov 19)