[Snort-users] IP Range Problems

Marc Quibell mquibell at ...7759...
Wed Jul 9 07:59:06 EDT 2003

Actually, I would not even recommend that. I like the original /22 and /24
answer, especially since one would also want to look at Network ( and
Broadcast ( probes and DoS attacks. I imagine the poster was not
being quite literal. It would be a mistake to leave those out.

Message: 1
Date: Tue, 8 Jul 2003 16:03:44 -0400
From: Brian <bmc at ...950...>
To: "Nelson, Ben" <bnelson at ...5464...>
Cc: Ryan Vennell <rvennell at ...9347...>,
  snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] IP Range Problems

On Tue, Jul 08, 2003 at 11:58:11AM -0600, Nelson, Ben wrote:
>> I want Snort to look at the IP range of - but I can't
>> figure out how to input this into the IP list.  How do I put that into
>> the var HOME_NET list?  Thanks for any help.
> var HOME_NET [,]

Technically, that's not correct.  You would also look at and which don't fit in the range specified.  For the most part,
that will work, but if you want to be exact, you need:


aggregate is your friend.  (echo - | aggregate -i range)
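
The trade-off discussed in this thread, as an added example that is not part of the original messages: Python's standard `ipaddress` module computes both the exact CIDR list for a literal host range and the shorter list obtained by widening to whole subnets. The 10.10.x.x range, the /24 subnet size and the function names are assumptions, since the archive has stripped the addresses from the thread.

```python
import ipaddress

def exact_cidrs(first, last):
    """Smallest CIDR list covering exactly first..last, inclusive."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    return list(ipaddress.summarize_address_range(lo, hi))

def widened_cidrs(first, last, prefix=24):
    """Widen both ends to whole /prefix subnets (assumed subnet size), then
    summarize, so the edge network and broadcast addresses are covered."""
    mask = (1 << (32 - prefix)) - 1
    lo = ipaddress.IPv4Address(int(ipaddress.IPv4Address(first)) & ~mask)
    hi = ipaddress.IPv4Address(int(ipaddress.IPv4Address(last)) | mask)
    return list(ipaddress.summarize_address_range(lo, hi))

def added_by_widening(first, last, prefix=24):
    """Addresses the widened list watches that the literal range leaves out."""
    wide = widened_cidrs(first, last, prefix)
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    w_lo, w_hi = int(wide[0].network_address), int(wide[-1].broadcast_address)
    extra = list(range(w_lo, lo)) + list(range(hi + 1, w_hi + 1))
    return [str(ipaddress.IPv4Address(a)) for a in extra]

def snort_var(name, networks):
    """Format a network list in the bracketed form used for Snort variables."""
    return "var %s [%s]" % (name, ",".join(str(n) for n in networks))

if __name__ == "__main__":
    # Constructed sample range; not the poster's addresses.
    first, last = "10.10.0.1", "10.10.4.254"
    exact = exact_cidrs(first, last)
    wide = widened_cidrs(first, last)
    print("exact (%d blocks):" % len(exact))
    print(snort_var("HOME_NET", exact))
    print("widened (%d blocks):" % len(wide))
    print(snort_var("HOME_NET", wide))
    print("only in widened list:", added_by_widening(first, last))
```
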

