
Snort mailing list archives

Re: Home_Net, External_Net issue
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 21 May 2013 18:15:30 -0400

On 5/21/2013 16:12, Josh Bitto wrote:
Just udp….I think I have some insight…..When looking at the config Line 44 shows…

# Setup the network addresses you are protecting

ipvar HOME_NET [YOU_NEED_TO_SET_HOME_NET_IN_snort.conf]

We use pfsense so it modifies the config accordingly. I’m trying to find a way
to change that line to ipvar HOME_NET Any

And not have it break anything within pfsense.

if this is like another firewall product that i'm familiar with, it may be that 
that line is supposed to be replaced with an include line which contains the 
name of another file that the firewall maintains with your WAN IP and possibly 
even your DNS servers...

where did your snort.conf file come from? is it one that was included within the 
mod you applied to your pfsense installation??

*From:*Joel Esler [mailto:jesler () sourcefire com]
*Sent:* Tuesday, May 21, 2013 12:47 PM
*To:* Josh Bitto
*Cc:* snort-users () lists sourceforge net
*Subject:* Re: [Snort-users] Home_Net, External_Net issue

On May 21, 2013, at 1:58 PM, Josh Bitto <jbitto () onlineschool ca
<mailto:jbitto () onlineschool ca>> wrote:



I’m wondering if this is a config issue or traffic setup issue. Currently my
internal network the ONLY thing that ever shows up is portscans. I can’t get
anything else to be looked at. Is this due to a Home_net and External_net being
setup wrong? My understanding is if I list Home_net to “any” then snort should
monitor that traffic.

Is the traffic that you /are/ alerting on only UDP or TCP too?



-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
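
As an added illustration (not part of the original message, and not code from Snort or pfSense): a small Python check for the situation discussed in this thread. It flags an `ipvar` whose value is still placeholder text rather than an address list, and an `EXTERNAL_NET !$HOME_NET` that would expand to `!any`, which Snort's IP-variable syntax does not allow. The function names and the `EXTERNAL_NET` line in the sample are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample: the thread's placeholder line plus an assumed EXTERNAL_NET.
SAMPLE_CONF = """\
# Setup the network addresses you are protecting
ipvar HOME_NET [YOU_NEED_TO_SET_HOME_NET_IN_snort.conf]
ipvar EXTERNAL_NET !$HOME_NET
"""
IPVAR_RE = re.compile(r"^\s*ipvar\s+(\S+)\s+(.+?)\s*$")

def parse_ipvars(conf_text):
    """Return {name: raw value} for each ipvar line, ignoring comments."""
    found = {}
    for line in conf_text.splitlines():
        m = IPVAR_RE.match(line.split("#", 1)[0])
        if m:
            found[m.group(1)] = m.group(2)
    return found

def check_value(value, ipvars, depth=0):
    """Return the problems in one ipvar value, following $VAR references."""
    negated = value.strip().startswith("!")
    body = value.strip().lstrip("!").strip()
    if body.startswith("$"):
        name = body[1:]
        if name not in ipvars or depth > 8:
            return [f"undefined or circular variable ${name}"]
        if negated and ipvars[name].lower() == "any":
            return [f"!${name} expands to !any, which is not allowed"]
        return check_value(ipvars[name], ipvars, depth + 1)
    if body.lower() == "any":
        return ["!any is not allowed"] if negated else []
    problems = []
    for item in body.strip("[]").split(","):
        item = item.strip(" ![]")
        if item.startswith("$"):
            problems += check_value(item, ipvars, depth + 1)
            continue
        try:
            ipaddress.ip_network(item, strict=False)
        except ValueError:
            problems.append(f"not an address, CIDR block or 'any': {item!r}")
    return problems

def lint(conf_text):
    """Map each ipvar name to the list of problems found in its value."""
    ipvars = parse_ipvars(conf_text)
    return {name: check_value(v, ipvars) for name, v in ipvars.items()}
```

Calling `lint()` on the text of a generated snort.conf returns an empty list for every variable that resolves to addresses, CIDR blocks or `any`.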
