Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Confused?

From: Ralf Spenneberg <lists () spenneberg org>
Date: Thu, 03 Nov 2005 10:56:32 +0100
Am Dienstag, den 01.11.2005, 08:32 -0800 schrieb John Friedman:

Here is my home var HOME_NET [10.1.10.0/24]
I span the firewall port to the snort box monitoring port.  I got a
lot of traffic from other VLAN such as 10.1.14.0/24,
10.1.44.0/24...10.1.77.0/24...
 
I feel a liittle bit confused why some alerts from 10.1.14.0/24 and
not just from 10.1.10.0/24?

The HOME_NET variable usually is used to detect attacks directed at this
network. Probably the attacks you see are directed at this network and
just originate in the network you stated.

Ralf

-- 
Ralf Spenneberg
OpenSource Training                     http://www.opensource-training.de
Webereistr. 1                           48565 Steinfurt           Germany




-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: