[Snort-users] Multiple HOME_NET IP's

Vitaly McLain twistah at ...93...
Fri Aug 11 00:32:17 EDT 2000


Hi,

Regarding monitoring a class C. Let's say your Class C is 192.168.1.x, you can set your $HOME_NET as:

var HOME_NET 192.168.1.0/24 

(I hope I'm right on that one, I always screw up netmasks! :) That should take care of a class C. Notice that it's /24 and not /32.

The preprocessor 'portscan' is a variable used to set up your portscan detection (I am assuming you understand the term portscan.) You may leave the default numbers there, just make sure to set the IP to $HOME_NET.

Vitaly McLain
twistah at ...93...
[ note: this message was sent to both [snort-users] and the person who originally posted the message ].
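
An added example, not part of the original message or of Snort itself: a small Python check of the /24 versus /32 point above, which reads the `var HOME_NET` line from config text and reports how many addresses each entry covers. The function names and the sample config are constructed for illustration, and the bracketed comma list form is an assumption based on later Snort versions.

```python
import ipaddress
import re

# Matches Snort "var NAME value" lines, the form used in the message above.
VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(\S+)")

def parse_home_net(conf_text):
    """Return the CIDR strings assigned to HOME_NET, or [] if it is not set."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = VAR_RE.match(line)
        if m and m.group(1) == "HOME_NET":
            # Assumption: a bracketed comma list, as later Snort versions accept.
            return [v for v in m.group(2).strip("[]").split(",") if v]
    return []

def check_cidr(cidr):
    """Return (network, address_count, warnings) for one HOME_NET entry."""
    if cidr == "any":
        return None, None, ["'any' treats every address as home"]
    warnings = []
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    if "/" not in cidr:
        warnings.append("no prefix length; treated as a single host (/32)")
    elif net.prefixlen == 32:
        warnings.append("/32 covers one host, not a subnet")
    if iface.ip != net.network_address:
        warnings.append(f"host bits set; network is {net}")
    return net, net.num_addresses, warnings

if __name__ == "__main__":
    # Constructed sample config text, not taken from a real deployment.
    sample = "var HOME_NET 192.168.1.0/24  # class C\n"
    for entry in parse_home_net(sample) + ["192.168.1.0/32", "192.168.1.77/24"]:
        net, count, warns = check_cidr(entry)
        print(entry, "->", net, count, warns or "ok")
```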