[Snort-users] Netbios rules and keeping snort quiet about them ;)
slave_tothe_box at ...131...
Fri Apr 25 06:39:18 EDT 2003
Good Morning all!
Here's my setup: I have two routers one in each
building. Building A is 10.1.0.0/24 and building B is
10.2.0.0/24. My internal/external net settings in
var EXTERNAL_NET [!10.1.0.0/16,!10.2.0.0/15,ANY]
I have TRIED to set my NT NULL session alert to:
alert tcp [!10.1.0.0/16,!10.2.0.0/16] any -> $HOME_NET
I will STILL get hits on this...I'm not sure how to
tell snort to ignore the rule if it's source is 10
based. Anyone have this same issue? Thanks!
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo
More information about the Snort-users