[Snort-users] home_net and ext_net question

L. Christopher Luther CLuther at ...6333...
Wed Apr 23 14:12:06 EDT 2003


Having HOME_NET encapsulate two or more networks can do funny things to the
Snort rules when one simply negates EXTERNAL_NET (i.e., var EXTERNAL_NET
!$HOME_NET, or some variant).  

So, to avoid unwanted alerts/logs, you're probably going to have to modify
your rules to be more specific than EXTERNAL_NET -> HOME_NET.  

- Christopher


-----Original Message-----
From: Mike Zupan [mailto:mzupan at ...8987...]
Sent: Wednesday, April 23, 2003 4:19 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] home_net and ext_net question


Right now here are my two vars.

var HOME_NET [66.93.31.0/24,129.4.26.0/24]
var EXTERNAL_NET [66.93.31.0/24,129.4.26.0/24] (i have also tried just any)


This is an example of what I want to stop snort from logging.

snmp connections from 66.93.31.10 -> 66.93.31.1

i also get cgi-redirect snort logs from desktops in the 66 class C range.
Is there a way to stop logging when connecting to other internal servers.

Mike




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list