Developers help please! WAS: Re: [Snort-users] Couldn't resolve hostname HOME_NET

Jason Lewis jlewis at ...1831...
Tue Apr 24 08:17:15 EDT 2001

How about posting the snort.conf you are using to the list?  I imagine it is
a syntax error.

Jason Lewis
"All you can do is manage the risks. There is no security."

-----Original Message-----
From: snort-users-admin at
[mailto:snort-users-admin at]On Behalf Of dotslash
Sent: Tuesday, April 24, 2001 8:03 AM
To: Snort
Subject: Developers help please! WAS: Re: [Snort-users] Couldn't resolve
hostname HOME_NET

Sorry but I'm getting really frustrated.  I've removed the firewall, done
all those things I've mentioned earlier in the original thread, and I still
can't figure out why on earth snort would give "couldn't resolve hostname

It is defined as well as the other needed variables plus I've remarked all
those unneeded vars.

Here's my system:

FreeBSD 4-2.RELEASE, 32Mb ram, 1Gb hd, P3 133Mhz.

I've used the snort.conf that came with the tarball, created my own, and
still I get the same message!

Appreciate your help!

> > Hrm...  Ok, not to sound silly--But did you customize the rules any?  I
> had a
> > rather silly error in mine where I was using "HOME_NET" instead of
> nope i didn't touch the rules files.  here's the supposed to be offending
> line:
> alert tcp $EXTERNAL_NET 80 -> $HOME_NET any (msg:"EXPLOIT netscape 4.7
> client ov
> erflow"; content: "|33 C9 B1 10 3F E9 06 51 3C FA 47 33 C0 50 F7 D0 50|";
> flags:
>  A+; reference:arachnids,215; classtype:attempted-user;)
> > "$HOME_NET".  From the output you showed it seems like line 4 of the
> > exploit.rules is where the trouble is.  If you comment out that line,
> the
> > error still occur?
> >
> i thought of that and i've actually started remarking the offending line/s
> one by one but what happens is the offending line would just go to the
> unremarked line!  i also remarked exploit.rules and still got the same
> message for the next rule in line (which is scan.rules).
> > > well, i'll finish coffee first then d/l snort again.  hell maybe i'll
> use
> > > 1.8 then...l8rs
> >
> > I would suggest it!  Granted 1.8 is still beta, but with all the nifty
> stuff
> > that Marty and Company (You guys Rock!) have tossed in, it's damn
> > Vlans, uricontent, rpc decoding, command line params not 'needed', it
> makes
> > coffee....  ;-)
> >
> well, i got 1.8 and the ruleset that goes with it.  same error. :-(

Snort-users mailing list
Snort-users at
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list