[Snort-users] home_net and ext_net question

L. Christopher Luther CLuther at ...6333...
Wed Apr 23 14:12:06 EDT 2003

Having HOME_NET encapsulate two or more networks can do funny things to the
Snort rules when one simply negates EXTERNAL_NET (i.e., var EXTERNAL_NET
!$HOME_NET, or some variant).  

So, to avoid unwanted alerts/logs, you're probably going to have to modify
your rules to be more specific than EXTERNAL_NET -> HOME_NET.  

- Christopher

-----Original Message-----
From: Mike Zupan [mailto:mzupan at ...8987...]
Sent: Wednesday, April 23, 2003 4:19 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] home_net and ext_net question

Right now here are my two vars.

var HOME_NET [,]
var EXTERNAL_NET [,] (i have also tried just any)

This is an example of what I want to stop snort from logging.

snmp connections from ->

i also get cgi-redirect snort logs from desktops in the 66 class C range.
Is there a way to stop logging when connecting to other internal servers.


This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list