[Snort-users] Concerning Cisco SPAN ports and Snort
JManzer at ...641...
Mon Oct 23 20:17:28 EDT 2000
What would be the proper HOME_NET val if your running off a SPAN port from a
The layout is as such...
An OpenBSD 2.7 system with fxp2 directly connected to a 6509 SPAN port. The
IP for fxp2 is 0.0.0.0 with a netmask of 0xffffff00.
My thinking is that it should be var HOME_NET 0.0.0.0/32. Would this be
correct? There should be no traffic directed to the IDS itself, but I want
to examine all traffic on the link as a normal IDS would.
More information about the Snort-users