[Snort-users] trouble specifying more than one HOME_NET variable
Philip at ...8580...
Thu Jun 26 08:48:21 EDT 2003
I am trying to specify my $HOME_NET variable to be two separate internal
After making the below change, I tried to start snort back up and it would
not start. After issuing a "/etc/init.d/snort start", my startup script
tells me that it is up and running.
But then I issue a "ps -ef|grep snort" and there is no snort.
Here is a section of my conf:
var HOME_NET [192.168.1.0/24,192.168.5.0/24]
# Set up the external network addresses as well.
# A good start may be "any"
var EXTERNAL_NET !$HOME_NET
# Configure your server lists. This allows snort to only look for attacks
# to systems that have a service up. Why look for HTTP attacks if you are
# not running a web server? This allows quick filtering based on IP
# These configurations MUST follow the same configuration scheme as defined
# above for $HOME_NET.
# List of DNS servers on your network
var DNS_SERVERS $HOME_NET
# List of SMTP servers on your network
var SMTP_SERVERS $HOME_NET
# List of web servers on your network
var HTTP_SERVERS $HOME_NET
# List of sql servers on your network
var SQL_SERVERS $HOME_NET
# List of telnet servers on your network
var TELNET_SERVERS $HOME_NET
# Configure your service ports. This allows snort to look for attacks
# destined to a specific application only on the ports that application
# runs on. For example, if you run a web server on port 8081, set your
# HTTP_PORTS variable like this:
# var HTTP_PORTS 8081
# Port lists must either be continuous [eg 80:8080], or a single port [eg
# We will adding support for a real list of ports in the future.
# Ports you run web servers on
var HTTP_PORTS 80
# Ports you want to look for SHELLCODE on.
var SHELLCODE_PORTS !80
# Ports you do oracle attacks on
var ORACLE_PORTS 1521
Thanks in advance
1015 Maurice Fields Dr.
Paris, TN 38242
More information about the Snort-users