[Snort-users] eliminating false positives
rbeer at ...1214...
Fri Jan 26 05:42:30 EST 2001
I'm new to Snort and got everything running well. But although I set
HOME_NET to one address/32, all the Windows machines in our whole net
show up with 3 ICMPs to 220.127.116.11 every now and then ("ICMP unknown
type"). What do I need to do to get rid of these alerts?

A second question: What's the EXTERNAL_NET var in snortfull.conf good
for? Isn't everything external that's not HOME_NET?