[Snort-users] Home-Net, and so on!
fritjof.heyde at ...5082...
Wed Mar 27 21:32:07 EST 2002
I just somehow don't get it.
What's with that Home_net in the starting option -h home net and that
home net in the conf files?
As far as I know, the -h option is just for logging to files. Doesn't
really matter when I'm logging to a DB.
At least that's what the manual says.
I'm using Snort 1.8.3 with a MySQL DB.
And the first problem I had: when I set -h $<device>_ADRRESS on the
command line, it tells me I have to enter a subnet. OK! No problem.
But I could not get Snort to start, whatever I did to enter the netmask.
Maybe it's just a typing thing. But I couldn't figure it out.
So to complete this, in the manual it says "-h <homenet> is the net I
want to defend." OK! For me that means that would be
192.168.48.1/5. That's the LAN I want to defend. Or is it the IP I'm
actually on the internet with?
That's the first problem. :)
Other thing: when I set Home_Net to my dial-up device in the conf file
and the external net to any, I don't get any alarms anymore.
Not from the outside nor the inside.
I only get alarms when I set both nets to any.
I guess that would be OK, but it doesn't really make too much sense,
since the rules explicitly say packets coming from external to home.
Only a few rules say home to external.
So why do I not get alarms? That's the second one.
Plus, Home_net in the conf files, what does it mean? Is it the net I want
to defend, like 192.168.48.1/5, or is it the IP I'm on the internet with?
Although this is probably all pretty weird, I would be grateful if
someone could give me some answers. :)