[Snort-users] What am I missing?

Ed Greshko Edward.M.Greshko at ...1974...
Sun May 6 00:56:22 EDT 2001


> > Snort configuration:
> >   var HOME_NET [,!]
> >
> The machines are on the same subnet, yet you are defining EXTERNAL_NET as
> "everything that is not in the internal subnet"... so any rule that
> watches for external->internal will skip right over your traffic.

I would have thought that the ! would make that host (even
though it is on the same subnet) not part of HOME_NET.

Then, since EXTERNAL_NET is everything not on HOME_NET I thought a !! would
make .96 part of the EXTERNAL_NET.

> Try setting EXTERNAL_NET to "any" if you want to do local testing like
> this...

OK....I'll give that a try....


P.S.  No switch.

More information about the Snort-users mailing list