[Snort-users] Does setting HOME_NET have any effect in Stealth mode?

Rob Ward rob.ward at ...11329...
Tue Nov 2 07:15:07 EST 2004


Hi Michael,

--On 02 November 2004 23:02 +0800 Michael Boman <michael.boman at ...11827...> 
wrote:

> On Tue, 02 Nov 2004 13:05:26 +0000, Rob Ward <rob.ward at ...11329...>
> wrote:
>> When I set "HOME_NET" to anything other than 'any' I no longer see any
>> DOS or DDOS alerts but P2P alerts are still output. I've tried following
>> the configuration examples in the FAQ's etc and can't get it to work. I'm
>> wondering if HOME_NET has any relevance when running snort in 'stealth'
>> or am I wide of the mark?
>
> HOME_NET is used to define the network you are interesting to monitor,
> and your snort box being in stealth mode or not has nothing to do with
> it.

That's what I find strange - when I set HOME_NET to the network I want to 
monitor the DOS alerts are no longer output?

>
>> Also - can snort cope with variable length subnet masks?
>
> Please explain what you mean.
>

For example:

var HOME_NET [138.253.82.0/23 , 138.253.160.0/22]

> Best regards
>  Michael Boman

Thanks and Regards

Rob Ward
Network Northwest Support
University of Liverpool
Computing Services Department

Tel: 0151 794 4449
Fax: 0151 794 4442
Mob: 07970 247 326




More information about the Snort-users mailing list