[Snort-users] external_net vs !home_net
sharella at ...131...
Fri Sep 27 12:39:05 EDT 2002
I've been dealing with this for a while. I want to
know if I'm doing something wrong or if it's a bug in
I'm running a Snort sensor (1.8.7) on Red Hat 7.3.
$HOME_NET [xx,xx,xx,xx/24,yy,yy,yy,yy/24,and a few
If I write an alert:
alert tcp $HOME_NET any -> $EXTERNAL_NET any
This rule will also catch traffic from my internal net
to my internal net, and I will get too much false
But if I write it like below:
alert tcp $HOME_NET any -> !$HOME_NET any (msg:"bla";)
it won't catch it.
Is this a bug in snort if you have multiple subnets in
Please help me,
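Added example, not part of the original post and not Snort code: a small Python model of the two rule headers above, showing which flows each one is meant to select when $HOME_NET lists several subnets. It assumes $EXTERNAL_NET is set to `any` (the snort.conf default) and uses constructed documentation ranges in place of the masked networks; it models the intended meaning of `!$HOME_NET`, not the behaviour of any particular Snort release.

```python
import ipaddress

# Constructed stand-ins for the masked $HOME_NET list in the post.
HOME_NET = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]


def in_home(addr):
    """True if addr falls inside any network listed in HOME_NET."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in HOME_NET)


def match_any(addr):
    """$EXTERNAL_NET when it is defined as 'any' (assumed here)."""
    return True


def match_not_home(addr):
    """Intended meaning of !$HOME_NET: outside every listed network."""
    return not in_home(addr)


def header_matches(dst_pred, src, dst):
    """Evaluate 'alert tcp $HOME_NET any -> <dst_pred> any' for one flow."""
    return in_home(src) and dst_pred(dst)


# Constructed sample flows: (source, destination, description).
FLOWS = [
    ("192.0.2.10", "198.51.100.20", "internal, across subnets"),
    ("192.0.2.10", "192.0.2.99", "internal, same subnet"),
    ("192.0.2.10", "203.0.113.5", "outbound"),
    ("203.0.113.5", "192.0.2.10", "inbound"),
]


def evaluate(flows=FLOWS):
    """Return (description, hit with EXTERNAL_NET=any, hit with !HOME_NET)."""
    return [
        (desc,
         header_matches(match_any, src, dst),
         header_matches(match_not_home, src, dst))
        for src, dst, desc in flows
    ]


if __name__ == "__main__":
    for desc, ext_any, not_home in evaluate():
        print(f"{desc:26} EXTERNAL_NET=any:{ext_any!s:6} !HOME_NET:{not_home}")
```
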