[Snort-users] Will Snort understand something like this?

Eric Maheo eric.maheo at ...8860...
Wed Sep 28 07:11:48 EDT 2005


> Hi Snorters,
> 
> I set the following in my snort.conf
> 
> var HOME_NET 192.168.0.0/16
> var DMZ_NET [192.168.5.0/24,192.168.10.0/24,192.168.15.0/24]
> var EXTERNAL_NET [!$HOME_NET,$DMZ_NET]
> 
> Snort starts properly, but I don't know if Snort interprets EXTERNAL_NET correctly. Is there a way that I can find this information out?
> 
> ps. Let's not try to understand how I get into this situation.
> 
I won't comment :)
Have you tried var EXTERNAL_NET [$DMZ_NET,!$HOME_NET] ?
Like your DMZ_NET is in included in your HOME_NET I am guessing it stops
its test at !$HOME_NET and won't look at what is in your $DMZ_NET.. 
This will require to look at the source to be certain.. or to test it.

Thanks,
Eric

> Cheers,
> 
> Hin
> 
> 
> __________________________________________________________________
> Switch to Netscape Internet Service.
> As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
> 
> Netscape. Just the Net You Need.
> 
> New! Netscape Toolbar for Internet Explorer
> Search from anywhere on the Web and block those annoying pop-ups.
> Download now at http://channels.netscape.com/ns/search/install.jsp
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 

Eric Maheo
Vice President of Engineering,

Applied Watch Technologies, LLC
1095 Pingree Rd.
Suite 212
Crystal Lake, IL 60014

Tel: (877) 262-7593 x324
Fax: (877) 262-7593

Email: eric.maheo at ...8860...
Web: http://www.appliedwatch.com





More information about the Snort-users mailing list