[Snort-users] trouble specifying more than one HOME_NET variable

Philip Davidson Philip at ...8580...
Thu Jun 26 08:48:21 EDT 2003


Hello all,

I am trying to specify my $HOME_NET variable to be two separate internal
LANs.  
After making the below change, I tried to start snort back up and it would
not start.  After issuing a "/etc/init.d/snort start",  my startup script
tells me that it is up and running.
But then I issue a "ps -ef|grep snort" and there is no snort.
Any idears?

Here is a section of my conf:


var HOME_NET [192.168.1.0/24,192.168.5.0/24]

# Set up the external network addresses as well.
# A good start may be "any"

var EXTERNAL_NET !$HOME_NET

# Configure your server lists.  This allows snort to only look for attacks
# to systems that have a service up.  Why look for HTTP attacks if you are
# not running a web server?  This allows quick filtering based on IP
addresses
# These configurations MUST follow the same configuration scheme as defined
# above for $HOME_NET.

# List of DNS servers on your network
var DNS_SERVERS $HOME_NET

# List of SMTP servers on your network
var SMTP_SERVERS $HOME_NET

# List of web servers on your network
var HTTP_SERVERS $HOME_NET

# List of sql servers on your network
var SQL_SERVERS $HOME_NET

# List of telnet servers on your network
var TELNET_SERVERS $HOME_NET

# Configure your service ports.  This allows snort to look for attacks
# destined to a specific application only on the ports that application
# runs on.  For example, if you run a web server on port 8081, set your
# HTTP_PORTS variable like this:
#
# var HTTP_PORTS 8081
#
# Port lists must either be continuous [eg 80:8080], or a single port [eg
80].
# We will adding support for a real list of ports in the future.

# Ports you run web servers on
var HTTP_PORTS 80

# Ports you want to look for SHELLCODE on.
var SHELLCODE_PORTS !80

# Ports you do oracle attacks on
var ORACLE_PORTS 1521



Thanks in advance


Philip Davidson
DPC, Inc.
1015 Maurice Fields Dr.
Paris, TN 38242
731-642-8627





More information about the Snort-users mailing list