[Snort-users] Home-Net, and so on!
WirthJe at ...4876...
Thu Mar 28 07:10:02 EST 2002
> Whats with that Home_net in the starting option -h home net and that
> home net in the conf files?
Using the "-h <ip address/network>" will override your snort.conf "HOME_NET"
variable. Also the "-h" option is useful if you're running snort without
"-c" (No snort.conf).
> But I could not get Snort to start whatever I did to enter the Netmask.
Snort is looking for IP/Net in CIDR notation. i.e. 192.168.1.0/24. Based on
your information, I would guess you are using a 192.168.0.0 address space
for you private network. Your entry of 192.168.48.1/5 looks a bit odd. Is
your internal network 192.168.48.0? If so the correct CIDR notation would be
> Plus, Home_net in the conffiles, what does it mean? Is it the net I want
> to defend? Like 192.168.48.1/5 or is it the Ip I'm in the internet with?
I am guessing that you have a firewall/NAT device doing ppp to the internet.
If this is the case you will what to have snort snorting on your
interface/ip address on the public side (internet).
It would be helpful if you gave a general description of how your network is
Hope this helps,
More information about the Snort-users