[Snort-users] HOME_NET and EXTERNAL_NET variables

Merrick, Gary Gary.Merrick at ...3973...
Thu Nov 1 11:00:18 EST 2001


Yes, this is a total newbie question, but I figured this is the right
place to ask it.  What is the purpose of the HOME_NET and EXTERNAL_NET
variables that are defined in snort.conf?  Does it change the formatting
of the alerts?  Or perhaps turn off the scanning of packets originating
from an internal network?  Or something else?

I would imagine this would be a fairly straightforward process to define
them if one had an extremely simple network architecture.  But my
ultimate aim is to be able to monitor 3 or 4 networks.  In such a case,
what is considered "home" and what is "external"?

Any guidance would be much appreciated.

Gary




More information about the Snort-users mailing list