Sat Jan 11 18:19:03 EST 2003

On Sat, 11 Jan 2003, don wrote:

> I have snort compiled on my linux box. Snort 1.8.4 and I am unable to
> get the traffic washed through the
> rulesets that I have ie: netbios-rules and such. I am sure what I am
> doing is obvious however I cannot
> finger it out. Any help appreciated.

Don't waste your time with 1.8.4.  Move up to the current version (1.9.x)
as there were quite a few bugs and features added between those versions.

Other than that, I'd guess that EXTERNAL_NET and/or HOME_NET are set
incorrectly.  Set HOME_NET to the IP range you want to watch/protect.

And as for 'washing'...  Snort doesn't do that.  Hogwash or the
snort-inline patch (for 1.9.x) would though.


Erek Adams

