[Snort-users] What am I missing?
Edward.M.Greshko at ...1974...
Sun May 6 00:56:22 EDT 2001
> > Snort configuration:
> > var HOME_NET [10.220.17.0/24,!10.220.17.96/32]
> > var EXTERNAL_NET !$HOME_NET
> The machines are on the same subnet, yet you are defining EXTERNAL_NET as
> "everything that is not in the internal subnet"... so any rule that
> watches for external->internal will skip right over your traffic.
I would have thought that the !10.220.17.96/32 would make that host (even
though it is on the same subnet) not part of HOME_NET.
Then, since EXTERNAL_NET is everything not on HOME_NET I thought a !! would
make .96 part of the EXTERNAL_NET.
> Try setting EXTERNAL_NET to "any" if you want to do local testing like
OK....I'll give that a try....
P.S. No switch.
More information about the Snort-users