[Snort-users] ip's outside of HOME_NET showing up
msconzo at ...5072...
Thu Jul 8 10:04:11 EDT 2004
Some rules are written EXTERNAL_NET -> HOME_NET and others HOME_NET -> EXTERNAL_NET
my $0.02 check out the 'questionable' alerts ... you may need to change the rule.
On Thu, Jul 08, 2004 at 11:01:37AM -0400, Adam Denenberg wrote:
> I finally got my acid/mysql setup working well. However i have
> HOME_NET defined as my public range , say 188.8.131.52/24. However i
> am seeing tons of destination ip addresses outside of that. Shouldnt
> snort only be watching attacks destined for the HOME_NET network ? Or
> do i need to specifically limit that with a BPF filter? I thought
> snort handled that with the HOME_NET variable but still am seeing all
> sorts of ip addresses in ACID.
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
But let your communication be Yea, yea; nay, nay: for
whatsoever is more than these cometh of evil.
-- Matthew 5:37
More information about the Snort-users