[Snort-users] ip's outside of HOME_NET showing up

Michael Sconzo msconzo at ...5072...
Thu Jul 8 10:04:11 EDT 2004


Some rules are written EXTERNAL_NET -> HOME_NET and others HOME_NET -> EXTERNAL_NET

my $0.02 check out the 'questionable' alerts ... you may need to change the rule.

-=Mike

On Thu, Jul 08, 2004 at 11:01:37AM -0400, Adam Denenberg wrote:
> Hello,
> 
>  I finally got my acid/mysql setup working well.  However i have
> HOME_NET defined as my public range , say 24.100.100.0/24.  However i
> am seeing tons of destination ip addresses outside of that.  Shouldnt
> snort only be watching attacks destined for the HOME_NET network ?  Or
> do i need to specifically limit that with a BPF filter?  I thought
> snort handled that with the HOME_NET variable but still am seeing all
> sorts of ip addresses in ACID.
> 
> thanks
> adam

-- 
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
        But let your communication be Yea, yea; nay, nay: for
        whatsoever is more than these cometh of evil.
                -- Matthew 5:37




More information about the Snort-users mailing list