[Snort-users] Upgraded to 2.8.6 and external network addresses
James R. Marcus
jmarcus at ...14853...
Thu Apr 29 16:46:07 EDT 2010
Pretty new to Snort. I upgraded to 2.8.6 today and I'm running on CentOS 5.3 64-bit. In reality I didn't upgrade, I removed (not uninstalled) all the Snort binaries from my system and then installed an RPM of 2.8.6. I copied a fair amount of my configuration from the snort.conf of my earlier version. I specified my Web servers, telnet servers (phone system), etc. in the configuration. Then I came to the EXTERNAL_NET variable and looked at the IPs assigned to my routers. I added the CIDR nets we were assigned. So now I'm getting a lot fewer alerts. Is that because of the additional detail I provided for network services and external networks?
I know it says a good start may be "any" but is that because some people don't know their external CIDR net?
These aren't my real IPs:
# Set up the external network addresses. A good start may be "any"
var EXTERNAL_NET [126.96.36.199/28,188.8.131.52/27,184.108.40.206/30]
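Added example, not part of the original post and not Snort's own code: a small Python model of how a rule header of the form `$EXTERNAL_NET any -> $HOME_NET any` is checked against packet addresses, comparing the "any" default with the CIDR list quoted above. The HOME_NET value and the packet list are constructed for illustration.

```python
import ipaddress

def parse_var(value):
    """Parse a Snort-style address variable: 'any' or '[cidr,cidr,...]'."""
    value = value.strip()
    if value == "any":
        return None  # None stands for "match every address"
    items = value.strip("[]").split(",")
    # strict=False accepts entries whose host bits are set, as in the post
    return [ipaddress.ip_network(i.strip(), strict=False) for i in items]

def in_var(addr, nets):
    """True if addr falls inside the variable (or the variable is 'any')."""
    if nets is None:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)

def count_alerts(packets, external_net, home_net):
    """Count packets matching the header `$EXTERNAL_NET any -> $HOME_NET any`."""
    ext, home = parse_var(external_net), parse_var(home_net)
    return sum(1 for src, dst in packets
               if in_var(src, ext) and in_var(dst, home))

# EXTERNAL_NET exactly as quoted in the post (the poster says these are not real IPs)
POST_EXTERNAL_NET = "[126.96.36.199/28,188.8.131.52/27,184.108.40.206/30]"
HOME_NET = "[10.0.0.0/24]"  # assumption: constructed internal range

# Constructed (source, destination) pairs; rule content is assumed to match each
PACKETS = [
    ("126.96.36.200", "10.0.0.5"),  # source inside the first listed /28
    ("184.108.40.205", "10.0.0.5"), # source inside the listed /30
    ("203.0.113.7", "10.0.0.5"),    # source outside every listed range
    ("198.51.100.9", "10.0.0.8"),   # source outside every listed range
    ("203.0.113.7", "192.0.2.1"),   # destination outside HOME_NET
]

if __name__ == "__main__":
    print("EXTERNAL_NET any :", count_alerts(PACKETS, "any", HOME_NET))
    print("EXTERNAL_NET list:", count_alerts(PACKETS, POST_EXTERNAL_NET, HOME_NET))
```

In this model, rules whose source is `$EXTERNAL_NET` stop matching traffic from any address outside the three listed ranges, so the alert count drops from 4 to 2 on the same packets.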