[Snort-users] Re: Snort Error - Couldn't resolve hostname HOME_NET

Darksun8 drksun at ...11827...
Tue Feb 1 18:35:25 EST 2005


Here is the portion of my snort.conf where home net is defined

var HOME_NET any

# Set up the external network addresses as well.  A good start may be "any"
var EXTERNAL_NET !HOME_NET
 

i have tryed 192.168.0.1 ( the ip of the box ) also i have tryed 192.168.0.1/24 




On Tue, 1 Feb 2005 18:01:38 -0800, Darksun8 <drksun at ...11827...> wrote:
> [root at ...274... snort]# snort -c /etc/snort/snort.conf &
> [1] 3249
> [root at ...274... snort]# Running in IDS mode
> Log directory = /var/log/snort
> 
> Initializing Network Interface eth0
> 
>       --== Initializing Snort ==--
> Initializing Output Plugins!
> Decoding Ethernet on interface eth0
> Initializing Preprocessors!
> Initializing Plug-ins!
> Parsing Rules file /etc/snort/snort.conf
> 
> +++++++++++++++++++++++++++++++++++++++++++++++++++
> Initializing rule chains...
> ,-----------[Flow Config]----------------------
> | Stats Interval:  0
> | Hash Method:     2
> | Memcap:          10485760
> | Rows  :          4099
> | Overhead Bytes:  16400(%0.16)
> `----------------------------------------------
> No arguments to frag2 directive, setting defaults to:
>   Fragment timeout: 60 seconds
>   Fragment memory cap: 4194304 bytes
>   Fragment min_ttl:   0
>   Fragment ttl_limit: 5
>   Fragment Problems: 0
>   Self preservation threshold: 500
>   Self preservation period: 90
>   Suspend threshold: 1000
>   Suspend period: 30
> Stream4 config:
>   Stateful inspection: ACTIVE
>   Session statistics: INACTIVE
>   Session timeout: 30 seconds
>   Session memory cap: 8388608 bytes
>   State alerts: INACTIVE
>   Evasion alerts: INACTIVE
>   Scan alerts: INACTIVE
>   Log Flushed Streams: INACTIVE
>   MinTTL: 1
>   TTL Limit: 5
>   Async Link: 0
>   State Protection: 0
>   Self preservation threshold: 50
>   Self preservation period: 90
>   Suspend threshold: 200
>   Suspend period: 30
> Stream4_reassemble config:
>   Server reassembly: INACTIVE
>   Client reassembly: ACTIVE
>   Reassembler alerts: ACTIVE
>   Zero out flushed packets: INACTIVE
>   flush_data_diff_size: 500
>   Ports: 21 23 25 53 80 110 111 143 513 1433
>   Emergency Ports: 21 23 25 53 80 110 111 143 513 1433
> HttpInspect Config:
>   GLOBAL CONFIG
>     Max Pipeline Requests:    0
>     Inspection Type:          STATELESS
>     Detect Proxy Usage:       NO
>     IIS Unicode Map Filename: /etc/snort/unicode.map
>     IIS Unicode Map Codepage: 1252
>   DEFAULT SERVER CONFIG:
>     Ports: 80 8080 8180
>     Flow Depth: 300
>     Max Chunk Length: 500000
>     Inspect Pipeline Requests: YES
>     URI Discovery Strict Mode: NO
>     Allow Proxy Usage: NO
>     Disable Alerting: NO
>     Oversize Dir Length: 500
>     Only inspect URI: NO
>     Ascii: YES alert: NO
>     Double Decoding: YES alert: YES
>     %U Encoding: YES alert: YES
>     Bare Byte: YES alert: YES
>     Base36: OFF
>     UTF 8: OFF
>     IIS Unicode: YES alert: YES
>     Multiple Slash: YES alert: NO
>     IIS Backslash: YES alert: NO
>     Directory Traversal: YES alert: NO
>     Web Root Traversal: YES alert: YES
>     Apache WhiteSpace: YES alert: YES
>     IIS Delimiter: YES alert: YES
>     IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
>     Non-RFC Compliant Characters: NONE
> rpc_decode arguments:
>   Ports to decode RPC on: 111 32771
>   alert_fragments: INACTIVE
>   alert_large_fragments: ACTIVE
>   alert_incomplete: ACTIVE
>   alert_multiple_requests: ACTIVE
> telnet_decode arguments:
>   Ports to decode telnet on: 21 23 25 119
> database: compiled support for ( mysql )
> database: configured to use mysql
> database:          user = snort
> database: password is set
> database: database name = snort
> database:          host = localhost
> database:   sensor name = 192.168.0.3
> database:     sensor id = 1
> database: schema version = 106
> database: using the "log" facility
> ERROR: ERROR /etc/snort/rules/bad-traffic.rules(12): Couldn't resolve
> hostname HOME_NET
> Fatal Error, Quitting..
> 
> in my config home net is set to "any", my network is 192.168.0.1 - 192.168.0.10
> i tryed 192.168.0.1/24.
>




More information about the Snort-users mailing list