[Snort-users] Multiple HOME_NET IP's

Andy Beal abeal at ...316...
Fri Aug 11 13:04:41 EDT 2000


How about 2 Completely different HOME_NET subnets, such as and, how would I get this done?   Will some sort of Boolean And work inside the variable, it seems that the rules will/should interpret correctly, but I could be wrong.   

Andy Beal, CNE, CCNA
Matrix Integration, LLC

>>> "Vitaly McLain" <twistah at ...93...> 08/10/00 11:32PM >>>

Regarding monitoring a class C. Let's say your Class C is 192.168.1.x, you can set your $HOME_NET as:


(I hope I'm right on that one, I always screw up netmasks! :) That should take care of a class C. Notice that's it's /24 and not /32.

The preproccesor 'portscan' is a variable used to setup your portscan detection (I am assuming you understand the term portscan.) You may leave the default numbers there, just make sure to set the IP to $HOME_NET.

Vitaly McLain
twistah at ...93... 
[ note: this message was sent to both [snort-users] and the person who originally posted the message ].

More information about the Snort-users mailing list