[Snort-users] snort probs
erek at ...950...
Sat Jan 11 18:19:03 EST 2003
On Sat, 11 Jan 2003, don wrote:
> I have snort compiled on my linux box. Snort 1.8.4 and I am unable to
> get the traffic washed through the
> rulesets that I have ie: netbios-rules and such. I am sure what I am
> doing is obvious however I cannot
> finger it out. Any help appreciated.
Don't waste your time with 1.8.4. Move up to the current version (1.9.x)
as there were quite a few bugs and features added between those versions.
Other than that, I'd guess that EXTERNAL_NET and/or HOME_NET are set
incorrectly. Set HOME_NET to the IP range you want to watch/protect.
Then set EXTERNAL_NET to !$HOME_NET.
And as for 'washing'... Snort doesn't do that. Hogwash or the
snort-inline patch (for 1.9.x) would though.
"When things get weird the wierd turn pro." H.S. Thompson
More information about the Snort-users