[Snort-users] Does setting HOME_NET have any effect in Stealth mode?
rob.ward at ...11329...
Tue Nov 2 07:15:07 EST 2004
--On 02 November 2004 23:02 +0800 Michael Boman <michael.boman at ...11827...>
> On Tue, 02 Nov 2004 13:05:26 +0000, Rob Ward <rob.ward at ...11329...>
>> When I set "HOME_NET" to anything other than 'any' I no longer see any
>> DOS or DDOS alerts but P2P alerts are still output. I've tried following
>> the configuration examples in the FAQ's etc and can't get it to work. I'm
>> wondering if HOME_NET has any relevance when running snort in 'stealth'
>> or am I wide of the mark?
> HOME_NET is used to define the network you are interesting to monitor,
> and your snort box being in stealth mode or not has nothing to do with
That's what I find strange - when I set HOME_NET to the network I want to
monitor the DOS alerts are no longer output?
>> Also - can snort cope with variable length subnet masks?
> Please explain what you mean.
var HOME_NET [126.96.36.199/23 , 188.8.131.52/22]
> Best regards
> Michael Boman
Thanks and Regards
Network Northwest Support
University of Liverpool
Computing Services Department
Tel: 0151 794 4449
Fax: 0151 794 4442
Mob: 07970 247 326
More information about the Snort-users