[Snort-users] HOME_NET strangeness
fygrave at ...121...
Wed Mar 28 14:24:29 EST 2001
On Wed, Mar 28, 2001 at 08:07:10PM +0100, James Pattinson wrote:
> $HOME_NET is set to my network, 126.96.36.199/28.
> (my netmask is 255.255.255.240)
> However, I still get alerts for activity within my local net, ie:
> 03/28-20:03:22.616533 [**] IDS126 - Outgoing Xterm [**]
> 188.8.131.52:6000 -> 184.108.40.206:35814
> How can I fix this? the rule for this alert specifies
> $EXTERNAL_NET 6000:6005 -> $HOME_NET
> and the alert clearly relates to HOME_NET --> HOME_NET.
Hmm.. and what is your EXTERNAL_NET definition like? :)
More information about the Snort-users