[Snort-users] A few questions
h8u9myo02 at ...12245...
Tue Sep 14 14:39:11 EDT 2004
I have a few questions regarding Snort, which I currently run on Windows just as a monitoring tool.
I am not on a network, I simply have my PC and router as a home configuration. However I get a lot of false negatives where the error relates to my router. How can I configure HOME_NET to therefore include any IPs that begin with 123.123 etc? Currently it is setup IP/32 what would the new one be?
Secondly, because I am using a home PC/router, I am not sure the flow:to_server is relevant for me. These commands also include major anti-trojan rules which dont seem to therefore work for my PC setup. Can I simply remove these commands if I am not on a server?
And finally a more simple question, apart from a Snort equivalent with some more graphs, what more security features do all these wiz-bang systems you pay thousands for actually include?
As you can tell am a newbie and just have a few queries.
Thanks for your help
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users