[Snort-users] A Question about the Conception

Dragos Ruiu dr at ...381...
Mon Oct 9 04:38:04 EDT 2000


On Sun, 08 Oct 2000, Alexandre Soares wrote:
> Sorry guys, I'm have a machine running classical internet services, like 
> as www, smtp, and so on, this machine is working in a big provider, to 
> improve the security this machine run too a Linux firewall, this firewall 
> tell me only what pass and what packet not passed, but I see in the snort a 
> big light, because I can see the signature of the atack or eventual mistake.
> 
> 	But when running this solution in my machine the fact I seen all network, 
> what I can do to analyze only my machine, bechause the addres is based in 
> cidr not in ip, sorry for my stupid question and my poor english too.

Snort addresses take CIDR netmasks.... so you could say 192.168.0.0/16 for the
the value of $HOME_NET.

cheers,
--dr

-- 
Dragos Ruiu <dr at ...50...>   dursec.com ltd. / kyx.net - we're from the future 
gpg/pgp key on file at wwwkeys.pgp.net



More information about the Snort-users mailing list