[Snort-users] Home_net & external_net

Don Don at ...5881...
Thu Dec 5 17:26:18 EST 2002

I'm not sure if you can have the ANY there inside
the parentheses; maybe try a trusted_net variable, since you're excluding one
segment of your home_net
var TRUSTED_NET [,!]


  -----Original Message-----
  From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Jeremy Finke
  Sent: Thursday, December 05, 2002 4:20 PM
  To: snort-users at lists.sourceforge.net
  Subject: [Snort-users] Home_net & external_net

  I have something that is driving me crazy.

  I have alerts going off from within two different segments of my HOME_NET.
I don't understand why I am seeing these.  Here are the 2 lines from my

  var HOME_NET [,,]
  var EXTERNAL_NET [any,!,!]

  I have an alert from going to that is SNMP
request udp.  Why is that showing up?  Since they are both HOME_NET
networks, shouldn't snort not log this type of activity?

  I also have other examples:
   #7-(2-1418) [arachnids][snort] ICMP L3retriever Ping 2002-12-05 18:13:15 ICMP
   #9-(2-1426) [cve][icat][arachnids][snort] TELNET access 2002-12-05

  Jeremy T. Finke
  Systems Engineer
  Meridian IQ