[Snort-users] Multiple IP address matching

Kris Kennaway kris at ...484...
Wed Sep 20 21:23:26 EDT 2000


Hi there,

As far as I can tell, snort doesn't have the capability to match on a
list of IP addresses, only on a single CIDR block or the negation of
that block.

For my purposes, I have a number of machines which are part of a
larger class B subnet (not contained within a smaller address block),
and I want to be able to treat other machines on that class B as being
external. I don't think there's any current way to do this, which
means I either have to put up with snort traffic between my "internal"
machines being logged as suspicious, or trust the entire class B and
hope no-one else is poking at my machines.

Does anyone have any suggestions?

Kris

--
In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe at ...485...>




More information about the Snort-users mailing list