[Snort-sigs] Rules question

lists at ...3397...
Thu Dec 1 21:03:04 EST 2016


On 12/01/16 19:43, neil ramsarran wrote:
> I'm having the same problem, I cannot seem to get the assignment done with
> running winpractice txt file on the snort. Any help will be highly appreciated.

I'm dealing with this as well, if you look on page #203 there is a diagram that
shows how to correctly implement it.  So in paragraph 3, sentence 5, on page
#215 it demonstrates this a bit BUT I would assert the problem is running into
RFC 1918.  If you look down, Diagram #6, they've scoped HOME_NET and
EXTERNAL_NET on the same /16 and defined it as that.  *clears throat while
drawing on the chalkboard* as we all know *puts monocle on* 192.168.1.5 and
192.168.10.2 sit on that same broadcast domain so it's probably not crossing a
Layer 3 boundary and capturing on the local interface doesn't show IDS
traversal.  This seems to be a book editing issue.




