[Snort-users] Upgraded to 2.8.6 and external network addresses

Burks, Doug doug.burks at ...14446...
Thu Apr 29 16:56:54 EDT 2010


Hi James,

I think you're misunderstanding the purpose of EXTERNAL_NET.  Quoting
from http://seclists.org/snort/2007/q1/3 :
"HOME_NET is a list of systems you are interested in protecting.
EXTERNAL_NET is a list of systems you are interested in protecting
HOME_NET from."

Regards,
Doug Burks

-----Original Message-----
From: James R. Marcus [mailto:jmarcus at ...14853...] 
Sent: Thursday, April 29, 2010 4:46 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Upgraded to 2.8.6 and external network addresses

Hi,
Pretty new to Snort. I upgraded to 2.8.6 today and I'm running on Cent
OS 5.3 64-bit. In reality I didn't upgrade, I removed (not uninstalled)
all the Snort binaries from my system and then installed an RPM of
2.8.6. I copied a fair amount of my configuration from the snort.conf of
my earlier version.  I specified my Web servers, telnet servers (phone
system), etc in the configuration.  Then I came to the EXTERNAL_NET
variable and looked at the IPs assigned to my routers. I added the the
CIDR nets we were assigned.  So now I'm getting a lot fewer alerts, is
that because of the additonal detail I provided for network services and
external networks?

I know it says a good start may be "any" but is that because some people
don't know their external CIDR net?


There aren't my real IPs:


# Set up the external network addresses.  A good start may be "any"
var EXTERNAL_NET [67.89.243.208/28,64.112.133.96/27,66.47.194.100/30]



Thanks,
James
------------------------------------------------------------------------
------
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list