[Snort-users] problem on start up ...

Martin Roesch roesch at ...421...
Thu Jan 25 14:49:05 EST 2001


"VOYER, DANIEL" wrote:
> 
> var HOME_NET 1.1.1.1.0/24 (this is my network, this one is an example)
               ^^^^^^^^^^^^

This is an invalid IP/CIDR, last I checked there are only 4 octets in an
IP address. :)

> #  you can define multiple networks in single variable (or use them
> directly in rules)
> # var HOME_NET [10.1.1.0/24,10.1.2.0/24,192.168.1.0/24]
> 
> var EXTERNAL_NET outside network IPs
> #---------------------------------------------
> 
> preprocessor http_decode: 80 8080
> preprocessor minfrag: 128
> preprocessor portscan:  0.0.0.0/0 3 5
> /var/log/snort/snort_portscan.log (I follow what I found in tha FAQ)

You should probably set the IP for the portscan detector to $HOME_NET
instead of 0.0.0.0/0 (or just use 'any'.


     -Marty

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list