[Snort-users] Will Snort understand something like this?
eric.maheo at ...8860...
Wed Sep 28 07:11:48 EDT 2005
> Hi Snorters,
> I set the following in my snort.conf
> var HOME_NET 192.168.0.0/16
> var DMZ_NET [192.168.5.0/24,192.168.10.0/24,192.168.15.0/24]
> var EXTERNAL_NET [!$HOME_NET,$DMZ_NET]
> Snort starts properly, but I don't know if Snort interprets EXTERNAL_NET correctly. Is there a way that I can find this information out?
> ps. Let's not try to understand how I get into this situation.
I won't comment :)
Have you tried var EXTERNAL_NET [$DMZ_NET,!$HOME_NET] ?
Like your DMZ_NET is in included in your HOME_NET I am guessing it stops
its test at !$HOME_NET and won't look at what is in your $DMZ_NET..
This will require to look at the source to be certain.. or to test it.
> Switch to Netscape Internet Service.
> As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
> Netscape. Just the Net You Need.
> New! Netscape Toolbar for Internet Explorer
> Search from anywhere on the Web and block those annoying pop-ups.
> Download now at http://channels.netscape.com/ns/search/install.jsp
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Vice President of Engineering,
Applied Watch Technologies, LLC
1095 Pingree Rd.
Crystal Lake, IL 60014
Tel: (877) 262-7593 x324
Fax: (877) 262-7593
Email: eric.maheo at ...8860...
More information about the Snort-users