[Snort-users] Does snort.conf have conflicting comments?
cpw at ...440...
Sun Nov 11 18:57:02 EST 2001
On Sun, Nov 11, 2001 at 11:19:51AM -0800, Erek Adams wrote:
> In looking at the current (CVS) snort.conf, I noticed something.
> Lines 37-42 discuss how to set the HOME_NET variable. They mention how to
> place multiple IP's into a list.
> 37 # You can specify lists of IP addresses for HOME_NET
> 38 # by separating the IPs with commas like this:
> 39 #
> 40 # var HOME_NET [10.1.1.0/24,192.168.1.0/24]
> 41 #
> 42 # MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
> Now, looking down a bit....
> 227 # Use portscan-ignorehosts to ignore TCP SYN and UDP "scans" from
> 228 # specific networks or hosts to reduce false alerts. It is typical
> 229 # to see many false alerts from DNS servers so you may want to
> 230 # add your DNS servers here. You can all multiple hosts/networks
> 231 # in a whitespace-delimited list.
> 232 #
> 233 preprocessor portscan-ignorehosts: $DNS_SERVERS
> It refers to a 'whitespace delimited list'.
> Is this right, wrong, or a feature of using a variable in the ignorehosts
> line? Or do I just need to get some coffee? :)
Candy is dandy, but liquor quicker. It would be nice if ip lists in snort were
consistant. They are not. I been there. Done that. Currently, I'm in
limbo doing other things. It would be nice to make a pass on the syntax,
enforce new syntax for plugins, plugouts, and other configuration what's-its.
The reason I'm pick'n on this bone is that I just got my first bug report
on my "vim" syntax file for snort (it's been released with a new release of
vim). So, I jumped into my code and started "fixin" things. Every damn
preprocessor and output plugin has a different way of specifying the same
sets of things: ip lists, port lists, var=value, etc. I need some "coffee".
> Erek Adams
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Phil Wood, cpw at ...440...
More information about the Snort-users