[Snort-users] Home-Net, and so on!

Wirth, Jeff WirthJe at ...4876...
Thu Mar 28 07:10:02 EST 2002


> Whats with that Home_net in the starting option -h home net and that 
> home net in the conf files?

Using the "-h <ip address/network>" will override your snort.conf "HOME_NET"
variable.  Also the "-h" option is useful if you're running snort without
"-c" (No snort.conf).

> But I could not get Snort to start whatever I did to enter the Netmask. 

Snort is looking for IP/Net in CIDR notation. i.e. 192.168.1.0/24.  Based on
your information, I would guess you are using a 192.168.0.0 address space
for you private network.  Your entry of 192.168.48.1/5 looks a bit odd.  Is
your internal network 192.168.48.0? If so the correct CIDR notation would be
192.168.48.0/24.

> Plus, Home_net in the conffiles, what does it mean? Is it the net I want 
> to defend? Like 192.168.48.1/5 or is it the Ip I'm in the internet with?

I am guessing that you have a firewall/NAT device doing ppp to the internet.
If this is the case you will what to have snort snorting on your
interface/ip address on the public side (internet).

It would be helpful if you gave a general description of how your network is
laid out...

Hope this helps,

- Jeff




More information about the Snort-users mailing list