[Snort-users] use separately maintained lists to manage the IP Addresses in a snort rule

Daniel Niasoff daniel at ...16233...
Thu Apr 11 15:59:42 EDT 2013


Hi All, 

I am looking at an implementation where 

a) The $HOME_NET variable will be different for each rule (not quite each rule, as similar rules will be grouped together and share the same $HOME_NET).

b) The $HOME_NET variable will consist of a large list of discontiguous IP addresses (maybe 1000s).

c) The $HOME_NET variable for the various rule groups will be maintained by an external process and be updated regularly.

Can this work? What about scalability?

Any suggestions how best to achieve this?

Thanks

Daniel





