[Snort-sigs] Holy false Positives
Shaun T. Erickson
ste at ...2549...
Wed Jun 16 08:23:02 EDT 2004
Matthew Watchinski wrote:
> Make sure you set your $HOME_NET and $EXTERNAL_NET variables correctly.
> Setting these to the correct subnets will most likely eliminate your
> SCAN UPnP service discover attempt alerts.
> $HOME_NET = all the networks you protect
> $EXTERNAL_NET = !$HOME_NET
I have three sensors, each on their own subnet. Each of them should have
their $HOME_NET set to the network they are sniffing, and just that,
As for each system's $EXTERNAL_NET, they were set to "any", as suggested
in the snort.conf file. I've just changed them to be like you stated above.
Do I have it right, now?
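
The effect of the two $EXTERNAL_NET settings discussed in this thread, as an added example that is not part of the original messages. It models only the address part of a rule header of the assumed form `$EXTERNAL_NET any -> $HOME_NET <port>`; the three sensor subnets and all host addresses are constructed, and `header_matches` and `evaluate` are hypothetical helper names.

```python
import ipaddress

# Constructed subnets standing in for the three sensor networks.
SENSOR_A = ["10.1.1.0/24"]
ALL_INTERNAL = ["10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]

def in_nets(addr, nets):
    """True if addr falls inside any of the listed networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in nets)

def header_matches(src, dst, home_net, external_net):
    """Address match for a header '$EXTERNAL_NET any -> $HOME_NET <port>'."""
    if external_net == "any":
        src_ok = True
    elif external_net == "!$HOME_NET":
        src_ok = not in_nets(src, home_net)
    else:
        raise ValueError("this model handles only 'any' and '!$HOME_NET'")
    return src_ok and in_nets(dst, home_net)

def evaluate():
    """Run constructed flows toward a host on sensor A's subnet."""
    dst = "10.1.1.20"
    flows = {
        "same_subnet": "10.1.1.50",      # neighbour on sensor A's own subnet
        "other_sensor": "10.1.2.50",     # host on another sensor's subnet
        "internet": "198.51.100.7",      # documentation-range outside address
    }
    configs = {
        "A_only/any": (SENSOR_A, "any"),
        "A_only/!HOME": (SENSOR_A, "!$HOME_NET"),
        "all/!HOME": (ALL_INTERNAL, "!$HOME_NET"),
    }
    return {
        (cfg, name): header_matches(src, dst, home, ext)
        for cfg, (home, ext) in configs.items()
        for name, src in flows.items()
    }

if __name__ == "__main__":
    for key, hit in evaluate().items():
        print(key, "matches" if hit else "no match")
```

In this model, a sensor whose $HOME_NET holds only its own subnet still treats hosts on the other two internal subnets as external under `!$HOME_NET`; only same-subnet sources stop matching.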