Snort mailing list archives

Re: Snort Error - Couldn't resolve hostname HOME_NET

From: Darksun8 <drksun () gmail com>
Date: Tue, 1 Feb 2005 18:32:51 -0800

Here is the portion of my snort.conf where home net is defined

var HOME_NET any

# Set up the external network addresses as well.  A good start may be "any"
var EXTERNAL_NET !HOME_NET
 

i have tryed 192.168.0.1 ( the ip of the box ) also i have tryed 192.168.0.1/24 




On Tue, 1 Feb 2005 18:01:38 -0800, Darksun8 <drksun () gmail com> wrote:

[root@localhost snort]# snort -c /etc/snort/snort.conf &
[1] 3249
[root@localhost snort]# Running in IDS mode
Log directory = /var/log/snort

Initializing Network Interface eth0

      --== Initializing Snort ==--
Initializing Output Plugins!
Decoding Ethernet on interface eth0
Initializing Preprocessors!
Initializing Plug-ins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
,-----------[Flow Config]----------------------
| Stats Interval:  0
| Hash Method:     2
| Memcap:          10485760
| Rows  :          4099
| Overhead Bytes:  16400(%0.16)
`----------------------------------------------
No arguments to frag2 directive, setting defaults to:
  Fragment timeout: 60 seconds
  Fragment memory cap: 4194304 bytes
  Fragment min_ttl:   0
  Fragment ttl_limit: 5
  Fragment Problems: 0
  Self preservation threshold: 500
  Self preservation period: 90
  Suspend threshold: 1000
  Suspend period: 30
Stream4 config:
  Stateful inspection: ACTIVE
  Session statistics: INACTIVE
  Session timeout: 30 seconds
  Session memory cap: 8388608 bytes
  State alerts: INACTIVE
  Evasion alerts: INACTIVE
  Scan alerts: INACTIVE
  Log Flushed Streams: INACTIVE
  MinTTL: 1
  TTL Limit: 5
  Async Link: 0
  State Protection: 0
  Self preservation threshold: 50
  Self preservation period: 90
  Suspend threshold: 200
  Suspend period: 30
Stream4_reassemble config:
  Server reassembly: INACTIVE
  Client reassembly: ACTIVE
  Reassembler alerts: ACTIVE
  Zero out flushed packets: INACTIVE
  flush_data_diff_size: 500
  Ports: 21 23 25 53 80 110 111 143 513 1433
  Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
HttpInspect Config:
  GLOBAL CONFIG
    Max Pipeline Requests:    0
    Inspection Type:          STATELESS
    Detect Proxy Usage:       NO
    IIS Unicode Map Filename: /etc/snort/unicode.map
    IIS Unicode Map Codepage: 1252
  DEFAULT SERVER CONFIG:
    Ports: 80 8080 8180
    Flow Depth: 300
    Max Chunk Length: 500000
    Inspect Pipeline Requests: YES
    URI Discovery Strict Mode: NO
    Allow Proxy Usage: NO
    Disable Alerting: NO
    Oversize Dir Length: 500
    Only inspect URI: NO
    Ascii: YES alert: NO
    Double Decoding: YES alert: YES
    %U Encoding: YES alert: YES
    Bare Byte: YES alert: YES
    Base36: OFF
    UTF 8: OFF
    IIS Unicode: YES alert: YES
    Multiple Slash: YES alert: NO
    IIS Backslash: YES alert: NO
    Directory Traversal: YES alert: NO
    Web Root Traversal: YES alert: YES
    Apache WhiteSpace: YES alert: YES
    IIS Delimiter: YES alert: YES
    IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
    Non-RFC Compliant Characters: NONE
rpc_decode arguments:
  Ports to decode RPC on: 111 32771
  alert_fragments: INACTIVE
  alert_large_fragments: ACTIVE
  alert_incomplete: ACTIVE
  alert_multiple_requests: ACTIVE
telnet_decode arguments:
  Ports to decode telnet on: 21 23 25 119
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = 192.168.0.3
database:     sensor id = 1
database: schema version = 106
database: using the "log" facility
ERROR: ERROR /etc/snort/rules/bad-traffic.rules(12): Couldn't resolve
hostname HOME_NET
Fatal Error, Quitting..

in my config home net is set to "any", my network is 192.168.0.1 - 192.168.0.10
i tryed 192.168.0.1/24.



-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort Error - Couldn't resolve hostname HOME_NET Darksun8 (Feb 01)
- Re: Snort Error - Couldn't resolve hostname HOME_NET Darksun8 (Feb 01)
- <Possible follow-ups>
- Re: Snort Error - Couldn't resolve hostname HOME_NET Shawn Kottke (Feb 01)
- Re: Re: Snort Error - Couldn't resolve hostname HOME_NET Shawn Kottke (Feb 01)
- Re: Re: Snort Error - Couldn't resolve hostname HOME_NET Shawn Kottke (Feb 01)