[Snort-users] Home-Net, and so on!

Fritjof Heyde fritjof.heyde at ...5082...
Wed Mar 27 21:32:07 EST 2002


I just somehow don't get it.

What's with that Home_net in the starting option -h home net and that 
home net in the conf files?
As far as I know, the -h option is just for logging to files. It doesn't 
really matter when I'm logging to a DB.
At least that's what the manual says.
I'm using Snort 1.8.3 with a MySQL DB.
And the first problem I had: when I set -h $<device>_ADRRESS on the 
command line, it tells me I have to enter a subnet. OK! No problem. 
But I could not get Snort to start, whatever I did to enter the netmask. 
Maybe it's just a typing thing. But I couldn't figure it out.
So to complete this, in the manual it says "-h <homenet> is the net I 
want to defend." OK! For me that means that would be the 
192.168.48.1/5. That's the LAN I want to defend. Or is it the IP I'm 
actually on the Internet with?
That's the first problem. :)


Another thing: when I set Home_Net to my dial-up device in the conf file 
and the external net to any, I don't get any alarms anymore.
Neither from the outside nor the inside.
I only get alarms when I set both nets to any.
I guess that would be OK, but it doesn't really make too much sense, 
since the rules explicitly say: packets coming from external to home 
--> log.
Only a few rules say home to external.
So why do I not get alarms?? That's the second one.
Plus, Home_net in the conf files, what does it mean? Is it the net I want 
to defend, like 192.168.48.1/5, or is it the IP I'm on the Internet with?

Although this is probably all pretty weird, I would be grateful if 
someone could give me some answers. :)

Greets
Bydlo




