[Snort-users] Why doesn't this work?

Ralf Günthner tgue at ...106...
Thu Jul 20 08:07:46 EDT 2000


I have lots of internal nets, most of them in the 10.x range but also 200.* and others. I start snort with this config file:

var INTERNAL 10.0.0.0/8
var EXTERNAL !10.0.0.0/8
var HOME_NET $INTERNAL
include /root/snort/vision.conf.txt
include /root/snort/06082k.rules.txt
var INTERNAL 200.0.0.0/8
var EXTERNAL !10.0.0.0/8
var HOME_NET $INTERNAL
include /root/snort/vision.conf.txt
include /root/snort/06082k.rules.txt

Startup command for snort:
snort -i eth0 -h 10.0.0.0/8 -l ./log -o -e -d -c myrules.cfg &

But I'm still getting alerts on packets originating in the 200.x range. Can anyone point out what's wrong?

Thanks
Cheers
Ralf




