[Snort-users] A Question about the Conception

Jeff jam at ...615...
Mon Oct 9 07:48:48 EDT 2000


On Mon, Oct 09, 2000 at 01:38:04AM -0700, Dragos Ruiu wrote:
> On Sun, 08 Oct 2000, Alexandre Soares wrote:
> > Sorry guys, I'm have a machine running classical internet services, like 
> > as www, smtp, and so on, this machine is working in a big provider, to 
> > improve the security this machine run too a Linux firewall, this firewall 
> > tell me only what pass and what packet not passed, but I see in the snort a 
> > big light, because I can see the signature of the atack or eventual mistake.
> > 
> > 	But when running this solution in my machine the fact I seen all network, 
> > what I can do to analyze only my machine, bechause the addres is based in 
> > cidr not in ip, sorry for my stupid question and my poor english too.
> 
> Snort addresses take CIDR netmasks.... so you could say 192.168.0.0/16 for the
> the value of $HOME_NET.
> 
> cheers,
> --dr
> 

would it follow, then, that if you want to specify only one machine, you
could use 192.168.1.100/32?

J
-- 
|| resnet 2000 -- <http://www.resnet.emich.edu/>
|| psa member -- <http://www.python.org/psa/> 



More information about the Snort-users mailing list