[Snort-users] A few questions

Newbie h8u9myo02 at ...12245...
Tue Sep 14 14:39:11 EDT 2004


Hi 
 
I have a few questions regarding Snort, which I currently run on Windows just as a monitoring tool.
 
I am not on a network, I simply have my PC and router as a home configuration. However I get a lot of false negatives where the error relates to my router. How can I configure HOME_NET to therefore include any IPs that begin with 123.123 etc? Currently it is setup IP/32 – what would the new one be?
 
Secondly, because I am using a home PC/router, I am not sure the flow:to_server is relevant for me. These commands also include major anti-trojan rules which don’t seem to therefore work for my PC setup. Can I simply remove these commands if I am not on a server?
 
And finally – a more simple question, apart from a Snort equivalent with some more graphs, what more security features do all these wiz-bang systems you pay thousands for actually include?
 
As you can tell – am a newbie and just have a few queries.
 
Thanks for your help
 
Newbie :o)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040914/231e93bb/attachment.html>


More information about the Snort-users mailing list