[Snort-users] defining $HOME_NET

Erik Engberg Erik.Engberg at ...511...
Thu Oct 19 16:08:03 EDT 2000


or /12 or /14, or /15 etc
As long as the subnets are adjacent to each other you should have little
trouble.. the problems start when they aren´t...
 
On one installation I have snort sniffing on 5 class C nets that are
adjacent
xxx.xxx.240.0 - xxx.xxx.245.0
 
But I have to use a /21 netmask to cover this in "one" net. 
xxx.xxx.240.0/21
 
Of course this means that xxx.xxx.246.0/24 and xxx.xxx.247.0/24 are
considered my home_net as well but there´s no traffic whatsoever from those
nets I can take that problem, although it wouldn´t be fun if they started
messing with me or an attacker found that out. Damage wouldn´t be to great
but visibility is hampered and you have to take that into consideration... 
 
Best thing is that I have control and I can always deny those nets in my
border router or firewall. Problem solved (although not so "neat").
 
When are we getting support for multiple home_nets? Are we getting it?
 
/Erik
 
 

-----Original Message-----
From: Steve Halligan [mailto:agent33 at ...187...]
Sent: den 19 oktober 2000 19:45
To: 'Joanne Treurniet'; Snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] defining $HOME_NET



would a /13 work? 
examples of a /13 

x.0.0.0 - x.7.255.255 
x.8.0.0 - x.15.255.255 
x.16.0.0 - x.23.255.255 
etc 

> -----Original Message----- 
> From: Joanne Treurniet [ mailto:joanne_treurniet at ...125...
<mailto:joanne_treurniet at ...125...> ] 
> Sent: Thursday, October 19, 2000 10:50 AM 
> To: Snort-users at lists.sourceforge.net 
> Subject: [Snort-users] defining $HOME_NET 
> 
> 
> Hi, 
> How would one go about defining the HOME_NET variable in the 
> case where the 
> network is very large and contains more than one class B IP range? 
> 
> e.g. HOME_NET might consist of: 
>      [x].[y].0.0 
>      [x].[y+1].0.0 
>      [x].[y+2].0.0 
>      [x].[y+3].0.0 
> and these numbers don't make for convenient subnetting (e.g. /16). 
> 
> Thanks! 
> Joanne 
> ______________________________________________________________ 
> ___________ 
> Get Your Private, Free E-mail from MSN Hotmail at 
> http://www.hotmail.com <http://www.hotmail.com> . 
> 
> Share information about yourself, create your own public profile at 
> http://profiles.msn.com <http://profiles.msn.com> . 
> 
> _______________________________________________ 
> Snort-users mailing list 
> Snort-users at lists.sourceforge.net 
> http://lists.sourceforge.net/mailman/listinfo/snort-users
<http://lists.sourceforge.net/mailman/listinfo/snort-users>  
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20001019/6b79f225/attachment.html>


More information about the Snort-users mailing list