Snort mailing list archives
Re: HOME_NET and EXTERNAL_NET
From: Tim Slighter <tslighter () itc nrcs usda gov>
Date: Wed, 01 Dec 2004 15:42:22 -0700
It might help too to tell us what alerts are firing off for this particular config. Many SNMP, WEB, and other rules files will fire off alerts for the $HOME_NET whenever a connection is either intitiated outbound or if a valid incoming connection dynamically uses a port that fires a backdoor.rules TCP/UDP port
JAMIE CRAWFORD wrote:
Hi, I'm a little frustrated on getting snort setup right. I have my var HOME_NET [192.168.1.0/24,192.168.2.0/24] and my var EXTERNAL_NET [!192.168.0.0/16], but for some reason I'm still getting alerts coming from my own home networks class b address (192.168.0.0/16). I don't care about my class b, just attacks made toward my two class c networks. I've tried var EXTERNAL_NET !192.168.0.0/16 I've tried var EXTERNAL_NET ![192.168.0.0/16] any help is appreciated. thanks, jamie ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users.Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users.Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- HOME_NET and EXTERNAL_NET JAMIE CRAWFORD (Dec 01)
- RE: HOME_NET and EXTERNAL_NET M. Shirk (Dec 01)
- Re: HOME_NET and EXTERNAL_NET Tim Slighter (Dec 01)
- Re: HOME_NET and EXTERNAL_NET M. Shirk (Dec 02)
- Re: HOME_NET and EXTERNAL_NET Tim Slighter (Dec 01)
- Re: HOME_NET and EXTERNAL_NET Tim Slighter (Dec 01)
- <Possible follow-ups>
- RE: HOME_NET and EXTERNAL_NET JAMIE CRAWFORD (Dec 01)
- Re: HOME_NET and EXTERNAL_NET Tim Slighter (Dec 01)
- RE: HOME_NET and EXTERNAL_NET Paul Schmehl (Dec 01)
- Re: HOME_NET and EXTERNAL_NET JAMIE CRAWFORD (Dec 01)
- Re: HOME_NET and EXTERNAL_NET Matt Kettler (Dec 01)
- RE: HOME_NET and EXTERNAL_NET Joe Patterson (Dec 01)
- HOME_NET and EXTERNAL_NET JAMIE CRAWFORD (Dec 02)
- RE: HOME_NET and EXTERNAL_NET M. Shirk (Dec 01)