[Snort-users] eliminating false positives

Ragnar Beer rbeer at ...1214...
Fri Jan 26 05:42:30 EST 2001


Howdy!

I'm new to Snort and got everything running well. But although I set 
HOME_NET to one address/32, all the Windows machines in our whole net 
show up with 3 ICMPs to 224.0.0.2 every now and then ("ICMP unknown 
type"). What do I need to do to get rid of these alerts?

A second question: What's the EXTERNAL_NET var in snortfull.conf good 
for? Isn't everything external that's not HOME_NET?

Ragnar



