[Snort-users] Home_Net woes

Erek Adams erek at ...577...
Wed Sep 18 13:15:02 EDT 2002


On Wed, 18 Sep 2002, Jim Overholser wrote:

> I'm in the thick of configuring a snort box.  I'm getting all of my local
> traffic, even though I think I have the HOME_NET variable set properly.
>
> Var HOME_NET [132.147.160.0/24,10.100.1.0/24]
>
> Is this incorrect?  Two subnets.

Yes.

I honestly thing you have your EXTERNAL_NET set incorrectly.  IMHO, the best
setting for it is:

	var EXTERNAL_NET !$HOME_NET

That will ignore all traffic coming from your HOME_NET in the rules.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list