[Snort-users] Help with HOME_NET

Martin Roesch roesch at ...1935...
Mon Oct 15 10:36:02 EDT 2001


Set 'var EXTERNAL_NET !$HOME_NET', that'll work.

     -Marty

james wrote:
> 
> var HOME_NET
> [209.12.73.0/24,216.84.73.0/24,216.84.74.0/24,209.194.200/24,216.253.144.0/2
> 4,66.55.20.0/22,198.59.109.0/24,198.59.168.0/24,207.66.11.0/24,205.166.1.0/2
> 4]
> 
> var EXTERNAL_NET any
> 
> var SMTP [198.59.109.2,198.59.109.4]
> 
> var HTTP_SERVERS
> [209.12.73.122,216.84.74.7,198.59.109.7,209.12.73.4,209.12.73.9,198.59.109.4
> ,209.12.73.3]
> 
> var SQL_SERVERS $HOME_NET
> 
> var DNS_SERVERS
> [198.59.109.7,209.12.73.14,66.55.20.3,198.59.109.2,216.84.74.7]
> 
> It seems like HOME/EXTERNAL_NET are not working. I would like EXTERNAL_NET
> to be the "outside" IP's (internet side of router) Once I configed SMTP,
> HTTP, and DNS it cut down thhe reporting of internal scans, but should not
> "HOME_NET of done this ?
> 
> James
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

--
Martin Roesch - President, Sourcefire Inc. - (410)552-6999
roesch at ...1935... - http://www.sourcefire.com  
Snort: Open Source Network IDS - http://www.snort.org




More information about the Snort-users mailing list