[Snort-users] defining $HOME_NET
Erik.Engberg at ...511...
Thu Oct 19 16:08:03 EDT 2000
or /12 or /14, or /15 etc
As long as the subnets are adjacent to each other you should have little
trouble.. the problems start when they aren´t...
On one installation I have snort sniffing on 5 class C nets that are
xxx.xxx.240.0 - xxx.xxx.245.0
But I have to use a /21 netmask to cover this in "one" net.
Of course this means that xxx.xxx.246.0/24 and xxx.xxx.247.0/24 are
considered my home_net as well but there´s no traffic whatsoever from those
nets I can take that problem, although it wouldn´t be fun if they started
messing with me or an attacker found that out. Damage wouldn´t be to great
but visibility is hampered and you have to take that into consideration...
Best thing is that I have control and I can always deny those nets in my
border router or firewall. Problem solved (although not so "neat").
When are we getting support for multiple home_nets? Are we getting it?
From: Steve Halligan [mailto:agent33 at ...187...]
Sent: den 19 oktober 2000 19:45
To: 'Joanne Treurniet'; Snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] defining $HOME_NET
would a /13 work?
examples of a /13
x.0.0.0 - x.7.255.255
x.8.0.0 - x.15.255.255
x.16.0.0 - x.23.255.255
> -----Original Message-----
> From: Joanne Treurniet [ mailto:joanne_treurniet at ...125...
<mailto:joanne_treurniet at ...125...> ]
> Sent: Thursday, October 19, 2000 10:50 AM
> To: Snort-users at lists.sourceforge.net
> Subject: [Snort-users] defining $HOME_NET
> How would one go about defining the HOME_NET variable in the
> case where the
> network is very large and contains more than one class B IP range?
> e.g. HOME_NET might consist of:
> and these numbers don't make for convenient subnetting (e.g. /16).
> Get Your Private, Free E-mail from MSN Hotmail at
> http://www.hotmail.com <http://www.hotmail.com> .
> Share information about yourself, create your own public profile at
> http://profiles.msn.com <http://profiles.msn.com> .
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users