[Snort-users] IP Range Problems
bryan.irvine at ...9066...
Tue Jul 8 13:45:02 EDT 2003
uhhh no. Ben had it right. With a subnet mask of /22 that covers
10.5.0.0-10.5.3.255 and then the /24 covers 10.5.4.0-10.5.4.255. There
is no point to writing them all out like that, especially with the /32
why add in a NET for a single ip?
That is an odd range of ip's though, it doesn't fit in well with CIDR
style notation. is this 1 network with a netmask of 255.255.251.0???
Out of curiosity are these networks split across multiple interfaces?
On Tue, 2003-07-08 at 13:03, Brian wrote:
> On Tue, Jul 08, 2003 at 11:58:11AM -0600, Nelson, Ben wrote:
> >> i want snort to look at the ip range of 10.5.0.1 - 10.5.4.254 but i cant
> >> figure out how to input this into the ip list. how do i put that into
> >> the var HOME_NET list? thanks for any help
> > var HOME_NET [10.5.0.0/22,10.5.4.0/24]
> technically, thats not correct. You would also look at 10.5.0.0 and
> 10.5.4.255 which don't fit in the range specified. For the most part,
> that will work, but if you want to be exact, you need:
> var HOME_NET [10.5.0.1/32,10.5.0.2/31,10.5.0.4/30,10.5.0.8/29,10.5.0.16/28,10.5.0.32/27,10.5.0.64/26,10.5.0.128/25,10.5.1.0/24,10.5.2.0/23,10.5.4.0/25,10.5.4.128/26,10.5.4.192/27,10.5.4.224/28,10.5.4.240/29,10.5.4.248/30,10.5.4.252/31,10.5.4.254/32]
> aggregate is your friend. (echo 10.5.0.1 - 10.5.4.254 | aggregate -i range)
> This SF.Net email sponsored by: Parasoft
> Error proof Web apps, automate testing & more.
> Download & eval WebKing and get a free book.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users