[Snort-users] home_net question

McCammon, Keith Keith.McCammon at ...3497...
Tue Mar 12 05:35:03 EST 2002


There are two "home net" settings in Snort: 1) The $HOME_NET variable in
the config file, which is only a variable used within your .rules files,
and 2) the -h directive at the command-line, which essentially tells
Snort which network address(es) you are defending, causing Snort to
inspect and log traffic accordingly.

In certain cases and architectures, some users might not notice if these
variables are not set.  However, in most cases, you will notice if the
command-line directive is not set, because some attacks against your
network would be logged in directories named for the target address.

Cheers

Keith

-----Original Message-----
From: Basil Saragoza [mailto:snortlst at ...125...]
Sent: Monday, March 11, 2002 6:42 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] home_net question


I try to figure out what is the meaning of home_net. FAQ says it is a
network that I'm defending.
Is that a logical definition (home_net) or does it make some practical
sense?
For example I can set home_net to:
1. address range of my lan
2. eth0_ADDRESS
3. address of my firewall only.
I actually tried all of them and didn't notice real difference...


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list