[Snort-users] Multiple IP address matching
kris at ...484...
Wed Sep 20 21:23:26 EDT 2000
As far as I can tell, snort doesn't have the capability to match on a
list of IP addresses, only on a single CIDR block or the negation of
For my purposes, I have a number of machines which are part of a
larger class B subnet (not contained within a smaller address block),
and I want to be able to treat other machines on that class B as being
external. I don't think there's any current way to do this, which
means I either have to put up with snort traffic between my "internal"
machines being logged as suspicious, or trust the entire class B and
hope no-one else is poking at my machines.
Does anyone have any suggestions?
In God we Trust -- all others must submit an X.509 certificate.
-- Charles Forsythe <forsythe at ...485...>
More information about the Snort-users