[Snort-users] I need help with network address setup
erek at ...577...
Tue Jul 30 06:48:05 EDT 2002
On Tue, 30 Jul 2002, Steve Jacobsen wrote:
> I'm just getting snort set up and have run some probes against my network
> but it only sends alerts on the IP address of my snort machine. I am
> using IDScenter 1.09 Beta2 to configure and run snort.
> Under log settings I set home network to: xxx.xxx.xxx.78/32 (the IP
> address of my snort machine) and I get some alerts.
> Under the IDS rules I set the Network variables as follows:
> Home_net xxx.xxx.xxx.64/27 (I have the 64 to 95 range)
> External_Net any
> Smtp $home_net
> Http_servers $home_net
> Sql_servers $home_net
> Dns_servers $home_net
> What am I doing wrong?
You've got your home network set wrong. You have "xxx.xxx.xxx.78/32"
and it should be "xxx.xxx.xxx.64/27", if .64 is your network address. You
might want to consider setting EXTERNAL_NET to '!$HOME_NET' so that the rules
look for things not on your home net instead of looking at everything.
Hope that helps!
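
An added illustration, not part of the original thread and not Snort's own code: a small Python model of the address part of a rule header (`$EXTERNAL_NET any -> $HOME_NET any`), showing which probes match under the /32 and /27 settings discussed above. The 192.0.2.x and 198.51.100.x addresses are constructed documentation-range stand-ins for the redacted ones, and the function names are hypothetical.

```python
import ipaddress

def parse_net(spec, variables):
    """Resolve a Snort-style address spec ('any', CIDR, '$VAR', '!spec')
    into (negated, network), where network is None for 'any'."""
    negate = spec.startswith("!")
    if negate:
        spec = spec[1:]
    if spec.startswith("$"):
        inner_negate, net = parse_net(variables[spec[1:]], variables)
        return (negate != inner_negate, net)
    if spec == "any":
        return (negate, None)
    # strict=False masks a host address with a prefix down to its network
    return (negate, ipaddress.ip_network(spec, strict=False))

def addr_matches(ip, spec, variables):
    negate, net = parse_net(spec, variables)
    hit = True if net is None else ipaddress.ip_address(ip) in net
    return hit != negate

def rule_fires(src, dst, variables):
    """Address check for a header of the form $EXTERNAL_NET any -> $HOME_NET any."""
    return (addr_matches(src, "$EXTERNAL_NET", variables)
            and addr_matches(dst, "$HOME_NET", variables))

# Constructed variable sets (assumed addresses, documentation ranges).
SENSOR_ONLY = {"HOME_NET": "192.0.2.78/32", "EXTERNAL_NET": "any"}
FULL_RANGE = {"HOME_NET": "192.0.2.64/27", "EXTERNAL_NET": "any"}
FULL_RANGE_NEGATED = {"HOME_NET": "192.0.2.64/27", "EXTERNAL_NET": "!$HOME_NET"}

# Constructed probe traffic as (source, destination) pairs.
PROBES = [
    ("198.51.100.10", "192.0.2.78"),  # outside -> sensor
    ("198.51.100.10", "192.0.2.70"),  # outside -> another host in the range
    ("198.51.100.10", "192.0.2.95"),  # outside -> last address of the /27
    ("192.0.2.70", "192.0.2.80"),     # inside -> inside
]

def alerts(variables):
    """Return the probes whose addresses satisfy the rule header."""
    return [(s, d) for s, d in PROBES if rule_fires(s, d, variables)]

if __name__ == "__main__":
    for name, cfg in [("HOME_NET /32", SENSOR_ONLY), ("HOME_NET /27", FULL_RANGE),
                      ("/27 with !$HOME_NET", FULL_RANGE_NEGATED)]:
        print(name, "->", alerts(cfg))
```

With the /32 setting only the probe aimed at the sensor matches; with the /27 and `EXTERNAL_NET` as `any`, traffic between two hosts inside the range matches as well, which the `!$HOME_NET` setting excludes.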