[Snort-users] Does setting HOME_NET have any effect in Stealth mode?
rob.ward at ...11329...
Tue Nov 2 05:11:56 EST 2004
I've been trying out Snort on a problem network (I'm a newbie!) that sees a
lot of P2P traffic and DOS/DDOS attacks. I'm running Net BSD 1.6.2_STABLE
and snort-2.2.0. The interface I'm using to monitor the network is
connected to a SPAN port and running in promiscuous mode with no IP
configuration. Another interface is used solely for managing the box with
When I set "HOME_NET" to anything other than 'any' I no longer see any DOS
or DDOS alerts but P2P alerts are still output. I've tried following the
configuration examples in the FAQ's etc and can't get it to work. I'm
wondering if HOME_NET has any relevance when running snort in 'stealth' or
am I wide of the mark?
Also - can snort cope with variable length subnet masks?
Network Northwest Support
University of Liverpool
Computing Services Department
Tel: 0151 794 4449
Fax: 0151 794 4442
Mob: 07970 247 326
More information about the Snort-users