[Snort-users] newbie questions about snort.conf

Daniel Lopez dlopez at ...6134...
Fri Jul 26 06:32:04 EDT 2002


Hello,

I'm a newbie with Snort and I guess you will find the following
questions are basic.
I'm performing some tests on Snort with two LANs. I set the HOME_NET and
EXTERNAL_NET variables to these values:

var HOME_NET 10.50.1.0/24
var EXTERNAL_NET !$HOME_NET

However, I would like to detect attacks from boths subnets. Do you know
if I will be able to detect attacks from both sides (from inside and
outside my home network) with these values or should I set them to ANY?

Then, because I am using small LANS for tests, I don't have any SMTP,
HTTP and SQL servers.
Thus, do I have to set the other variables to ANY (HTTP_SERVERS,
SQL_SERVERS,...) or do I have to comment them? (however, if I comment
them, I will have problems with rules, isn't it?)

Last question [sorry! :( ], I downloaded last version 1.8.7 and the
snort rulesets.
My question is how do I update rules?
Can I do it manually by copying them to the default Snort directory or
only by changing the RULE_PATH variable, or do I have to use a script
such as Oinkmaster?

Thanks in advance for all your help and sorry for all these basic
questions...

Daniel Lopez





More information about the Snort-users mailing list