[Snort-users] home_net & external_net question

Joel Esler jesler at ...1935...
Mon Jul 15 19:09:15 EDT 2013


Are you using a snort in inline mode, or is it built into a firewall?


--
Joel Esler
Sent from my iPad

On Jul 15, 2013, at 5:57 PM, "slava at ...13788..." <slava at ...13788...> wrote:

> Hello,
> 
> I'm not very skilled with snort. But have some understanding of how it
> works.
> So here is my situation:
> We have a snort instance, which protect out internal network.
> HOME_NET is set with a bunch of internal networks.
> EXTERNAL_NET is set as !$HOME_NET
> Today a few sites have been infected with a trojan, and upon it
> activation, all sites from our internal network have been blocked at once.
> 
> My question is : Did snort acted correctly by blocking IPs from HOME_NET
> or not ?
> Should snort not block networks listed in HOME_NET no matter what ?
> 
> 
> Appreciate any help.
> Thank you,
> Slava
> 
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
> 
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list