SERVER ADDRESSES

["Pratik Kumawat" <pratik.kumawat () matrixcomsec com>]

I have a question here... In case, we write $HOME_NET in the variables  
meant for DNS Server, HTTP Server, SMTP, SQL, TELNET, SNMP, etc, then  
how does SNORT recognize the actual IP address of the respective  
servers?? I mean if v have something like

# Setup the network addresses you are protecting
var HOME_NET 192.168.1.0/24

# Set up the external network addresses. Leave as "any" in most situations
var EXTERNAL_NET !$HOME_NET

# List of DNS servers on your network
var DNS_SERVERS $HOME_NET

# List of SMTP servers on your network
var SMTP_SERVERS $HOME_NET

# List of web servers on your network
var HTTP_SERVERS $HOME_NET

# List of sql servers on your network
var SQL_SERVERS $HOME_NET

# List of telnet servers on your network
var TELNET_SERVERS $HOME_NET

# List of ssh servers on your network
var SSH_SERVERS $HOME_NET

# List of ftp servers on your network
var FTP_SERVERS $HOME_NET

then how will SNORT get to know which one is our DNS Server and so on???

Please someone reply asap...
Thanks



------------------------------------------------------------------------------
The demand for IT networking professionals continues to grow, and the
demand for specialized networking skills is growing even more rapidly.
Take a complimentary Learning@Cisco Self-Assessment and learn 
about Cisco certifications, training, and career opportunities. 
http://p.sf.net/sfu/cisco-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!