Snort mailing list archives
Re: home_net/external_net problem
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 2 Sep 2009 14:31:51 -0400
Version 2.8.5 may be able to help you then. According to the README of
2.8.5rc.
* Ability to specify different Snort configurations based on VLAN tags
or CIDR blocks.
Joel
On Wed, Sep 2, 2009 at 2:28 PM, Jack Pepper <pepperjack () afferentsecurity com
wrote:
This is a known issue: "external_net cannot be a proper subset of home_net and vice versa." It's not broke, it's just that when you get down into some of the more complex rules, you end up creating crazy logic anomalies when negating nested ranges. You could do it like this: Home_net [10.10.10.0/24,10.10.11.0/24 ... etc ] Or some variant of that idea. jp Quoting "Jefferson, Shawn" <Shawn.Jefferson () bcferries com>:Hi, I have a problem with defining my networks in snort.conf. My home net is 10.10.0.0/13, but I want to set 10.10.22.0/24 as external since it is a VPN assigned range. I can't figure out how to easily specify the ranges in home_net and external_net to do this. -- Shawn Jefferson-- Framework? I don't need no stinking framework! ---------------------------------------------------------------- @fferent Security Labs: Isolate/Insulate/Innovate http://www.afferentsecurity.com ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- home_net/external_net problem Jefferson, Shawn (Sep 02)
- Re: home_net/external_net problem Jack Pepper (Sep 02)
- Re: home_net/external_net problem Joel Esler (Sep 02)
- Re: home_net/external_net problem Jefferson, Shawn (Sep 02)
- Re: home_net/external_net problem Jack Pepper (Sep 02)
- Re: home_net/external_net problem Jefferson, Shawn (Sep 02)
- Re: home_net/external_net problem Jack Pepper (Sep 02)
- Re: home_net/external_net problem Paul Schmehl (Sep 02)
- Re: home_net/external_net problem Jefferson, Shawn (Sep 02)