Snort mailing list archives
Regarding snort.conf HOME_NET and EXTERNAL_NET
From: Brandon Phelps <bphelps () gls com>
Date: Thu, 10 Nov 2011 16:39:16 -0500
Hello, The default snort.conf indicates that you should leave EXTERNAL_NET as "any" in most situations. I already have HOME_NET set to [10.0.0.0/8] (my internal network) so would it be prudent to set EXTERNAL_NET to !$HOME_NET instead, or should I leave it as any? I would like to cut down on false positives and such as much as possible without the risk of losing any truly malicious alerts. I have seen other configuration examples that have EXTERNAL_NET set to negate HOME_NET, so I'm not sure which is best. Thanks, Brandon ------------------------------------------------------------------------------ RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Regarding snort.conf HOME_NET and EXTERNAL_NET Brandon Phelps (Nov 10)
- Re: Regarding snort.conf HOME_NET and EXTERNAL_NET Adam Hogan (Nov 11)