[Snort-users] A Question about the Conception
jam at ...615...
Mon Oct 9 07:48:48 EDT 2000
On Mon, Oct 09, 2000 at 01:38:04AM -0700, Dragos Ruiu wrote:
> On Sun, 08 Oct 2000, Alexandre Soares wrote:
> > Sorry guys, I'm have a machine running classical internet services, like
> > as www, smtp, and so on, this machine is working in a big provider, to
> > improve the security this machine run too a Linux firewall, this firewall
> > tell me only what pass and what packet not passed, but I see in the snort a
> > big light, because I can see the signature of the atack or eventual mistake.
> > But when running this solution in my machine the fact I seen all network,
> > what I can do to analyze only my machine, bechause the addres is based in
> > cidr not in ip, sorry for my stupid question and my poor english too.
> Snort addresses take CIDR netmasks.... so you could say 192.168.0.0/16 for the
> the value of $HOME_NET.
would it follow, then, that if you want to specify only one machine, you
could use 192.168.1.100/32?
|| resnet 2000 -- <http://www.resnet.emich.edu/>
|| psa member -- <http://www.python.org/psa/>
More information about the Snort-users