Daniel van Balen
vdaniel at ...191...
Mon Aug 7 07:32:58 EDT 2000
On Mon, Aug 07, 2000 at 01:24:43PM -0400, Billy Smith wrote:
> I download the rules w/out !HOMENET from www.snort.org and I am running
> snort with the following options:
> snort -d -b -D -N -A fast -c testrules.txt
I guess that you mean the: "07272kany.rules - Same ruleset using 'any
any' instead of '$HOME_NET' variables" rules...
BTW to use the rules with $HOME_NET all you need to do is add a line to
the rules file like so:
var HOME_NET yournet/subnet
For example if you are only interested in atacks coming to the box
you're running snort on, the line would look like this:
var HOME_NET <your boxes ip addr>/32
> I am using CyberCop scanner to scan a box that is running snort, and I am
> not getting any alerts.
> Any ideas on what I am missing.
Where are you looking for the alerts? Did you enable the portscan
preprocesor? Are you sure CyberCop should trip any of the rules in your rules
More information about the Snort-users