[Snort-users] Multiple HOME_NET IP's
abeal at ...316...
Fri Aug 11 13:04:41 EDT 2000
How about 2 Completely different HOME_NET subnets, such as 192.168.0.0/24 and 10.0.0.0/8, how would I get this done? Will some sort of Boolean And work inside the variable, it seems that the rules will/should interpret correctly, but I could be wrong.
Andy Beal, CNE, CCNA
Matrix Integration, LLC
>>> "Vitaly McLain" <twistah at ...93...> 08/10/00 11:32PM >>>
Regarding monitoring a class C. Let's say your Class C is 192.168.1.x, you can set your $HOME_NET as:
var HOME_NET 192.168.1.0/24
(I hope I'm right on that one, I always screw up netmasks! :) That should take care of a class C. Notice that's it's /24 and not /32.
The preproccesor 'portscan' is a variable used to setup your portscan detection (I am assuming you understand the term portscan.) You may leave the default numbers there, just make sure to set the IP to $HOME_NET.
twistah at ...93...
[ note: this message was sent to both [snort-users] and the person who originally posted the message ].
More information about the Snort-users