[Snort-users] How do we detect intrusions from an IP ?

Harper, Patrick patrick.harper at ...11593...
Thu Jul 22 05:11:01 EDT 2004

Put your internal range as the IP range of your internal network, fill in all the variables as best as possible.  I put external net as !HOME_NET (everything but what is defined as home_net) and monitor with a front-end, ACID, or Aanval. I am assuming you are wanting to check for the possibilities of outside intrusions.

-----Original Message-----
From: msalmanf at ...11176... [mailto:msalmanf at ...11176...] 
Sent: Wednesday, July 21, 2004 9:02 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] How do we detect intrusions from an IP ?

Hello all...

I am a snort beginner,

How do we know or detect intrusions from an IP connecting to local area network.
For example if we have IP range - (I filled var HOME_NET any in /etc/snort/snort.conf) How do we check whether has some intrusions/alerts or not ?

Thank you,



This mail sent through IMP: http://horde.org/imp/

This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

This electronic message, including any attachments, is confidential and intended solely for use of the intended recipient(s). This message may contain information that is privileged or otherwise protected from disclosure by applicable law. Any unauthorized disclosure, dissemination, use or reproduction is strictly prohibited. If you have received this message in error, please delete it and notify the sender immediately. 

More information about the Snort-users mailing list