[Snort-users] home_net and ext_net question

Neil Dickey neil at ...1633...
Wed Apr 23 13:57:05 EDT 2003


"Mike Zupan" <mzupan at ...8987...> wrote asking:

>var HOME_NET [66.93.31.0/24,129.4.26.0/24]
>var EXTERNAL_NET [66.93.31.0/24,129.4.26.0/24] (i have also tried just any)

Why do you have HOME_NET and EXTERNAL_NET set identically?
... Just curious.

>This is an example of what I want to stop snort from logging.
>
>snmp connections from 66.93.31.10 -> 66.93.31.1

I would try something like this in local.rules:

  pass udp 66.93.31.10 any -> 66.93.31.1 any

Use the "-o" switch on the command line when invoking Snort if you're
not already.  If specific ports are involved, then use them instead
of "any".

>i also get cgi-redirect snort logs from desktops in the 66 class C range.
>Is there a way to stop logging when connecting to other internal servers.

I suspect more pass rules would help you here, perhaps like the one
above?  I'd need more information on the cgi-redirect stuff to be more
specific.

I hope this helps.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115




More information about the Snort-users mailing list