[Snort-users] IP Range Problems

Bryan Irvine bryan.irvine at ...9066...
Tue Jul 8 13:45:02 EDT 2003


uhhh no.  Ben had it right.  With a subnet mask of /22 that covers
10.5.0.0-10.5.3.255  and then the /24 covers 10.5.4.0-10.5.4.255.  There
is no point to writing them all out like that, especially with the /32
why add in a NET for a single ip?

That is an odd range of ip's though, it doesn't fit in well with CIDR
style notation.  is this 1 network with a netmask of 255.255.251.0??? 
strange....

10.5.0.0/21.5-ish  ;-) 

Out of curiosity are these networks split across multiple interfaces?

--Bryan

On Tue, 2003-07-08 at 13:03, Brian wrote:
> On Tue, Jul 08, 2003 at 11:58:11AM -0600, Nelson, Ben wrote:
> >> i want snort to look at the ip range of 10.5.0.1 - 10.5.4.254 but i cant
> >> figure out how to input this into the ip list.  how do i put that into
> >> the var HOME_NET list?  thanks for any help
> >
> > var HOME_NET [10.5.0.0/22,10.5.4.0/24]
> 
> technically, thats not correct.  You would also look at 10.5.0.0 and 
> 10.5.4.255 which don't fit in the range specified.  For the most part,
> that will work, but if you want to be exact, you need:
> 
> var HOME_NET [10.5.0.1/32,10.5.0.2/31,10.5.0.4/30,10.5.0.8/29,10.5.0.16/28,10.5.0.32/27,10.5.0.64/26,10.5.0.128/25,10.5.1.0/24,10.5.2.0/23,10.5.4.0/25,10.5.4.128/26,10.5.4.192/27,10.5.4.224/28,10.5.4.240/29,10.5.4.248/30,10.5.4.252/31,10.5.4.254/32]
> 
> aggregate is your friend.  (echo 10.5.0.1 - 10.5.4.254 | aggregate -i range)
> 
> -brian
> 
> 
> -------------------------------------------------------
> This SF.Net email sponsored by: Parasoft
> Error proof Web apps, automate testing & more.
> Download & eval WebKing and get a free book.
> www.parasoft.com/bulletproofapps
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 





More information about the Snort-users mailing list