[Snort-users] I need help with network address setup

Erek Adams erek at ...577...
Tue Jul 30 06:48:05 EDT 2002


On Tue, 30 Jul 2002, Steve Jacobsen wrote:

> I'm just getting snort setup and have run some probes against my network
> but it only sends alerts on the IP address of my snort machine. I am
> using IDScenter 1.09 Beta2 to configure and run snort.
>
> Under log settings I set home network to: xxx.xxx.xxx.78/32 (the IP
> address of my snort machine) and I get some alerts.
>
> Under the IDS rules I set the Network vaiables as follows:
>
> Home_net 		xxx.xxx.xxx.64/27 (I have the 64 to 95 range)
> External_Net	any
> Smtp			$home_net
> Http_servers	$home_net
> Sql_servers		$home_net
> Dns_servers		$home_net
>
> What am I doing wrong?

Steve,

	You've got your home network set wrong.  You have "xxx.xxx.xxx.78/32"
and it should be "xxx.xxx.xxx.64/27", if .64 is your network address.  You
might want to consider setting EXTERNAL_NET to '!$HOME_NET' so that the rules
look for things not on your home net instead of looking at everything.

	Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list