[Snort-users] Using Ranges in $HOME_NET and $EXTERNAL_NET
eslerj at ...11827...
Mon Oct 13 11:35:35 EDT 2008
var HOME_NET [!192.168.30.10,!192.168.30.11,192.168.30.0/24]
On Oct 13, 2008, at 11:07 AM, John Duksta wrote:
> We're making an effort in our HOME_NET definitions to exclude
> internal addresses of proxy servers so internal sensors will treat
> them as external hosts and we'll catch more browser based exploits.
> There are a couple of ways to skin this cat, but the one that seems
> to work best is to do something that's not explicitly supported,
> i.e. using a range specifier in the HOME_NET. It seems to work and
> the snort.conf parser doesn't complain. However, I'd like to get the
> thoughts of the community as to the long term feasibility of this
> Original Settings:
> var HOME_NET [192.168.30.0/24]
> I want to exclude 192.168.30.10 and .11 because they're proxy servers
> var HOME_NET [192.168.30.0:192.168.30.9,192.168.30.12:192.168.30.255]
> John Duksta <jduksta at ...11827...>
> Can't sleep, clowns will eat me.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users