preprocessors rules

[Dan Roberts <danroberts2604 () gmail com>]

Hi all,

One of my Snort sensor (eth1) is listening to the network traffic of many
VLANs, sharing the same trunk.
And although I've defined only one VLAN (IP subnet) as my HOME_NET
in snort.conf,
I receive many preprocessor alarms related to other vlans(IP subnets)
without any relation to my HOME_NET.

My question: do the preprocessor rules apply to all the network traffic the
sensor sees, regardess the HOME_NET setting in snort.conf ? Or is there
something I missed ?

Thanks in advance for your help !

Dan

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=190641631&iu=/4140/ostg.clktrk

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!