[Snort-users] HOME_NET strangeness

Fyodor fygrave at ...121...
Wed Mar 28 14:24:29 EST 2001


On Wed, Mar 28, 2001 at 08:07:10PM +0100, James Pattinson wrote:
> Hi
> 
> $HOME_NET is set to my network, 193.195.220.112/28.
> (my netmask is 255.255.255.240)
> 
> However, I still get alerts for activity within my local net, ie:
> 
> 03/28-20:03:22.616533  [**] IDS126 - Outgoing Xterm [**]
> 193.195.220.121:6000 -> 193.195.220.114:35814
> 
> How can I fix this? the rule for this alert specifies
> $EXTERNAL_NET 6000:6005 -> $HOME_NET
> 
> and the alert clearly relates to HOME_NET --> HOME_NET.
> 

Hmm.. and what is your EXTERNAL_NET definition like? :)




More information about the Snort-users mailing list