[Snort-users] Doubt about configuration HOME, EXTERNAL.

Agus agus.262 at ...11827...
Tue Jun 4 12:36:34 EDT 2013


Hi guys,

I have a subnet that connects to a client Network. They asked me to
implement an IDS. Si i built snort/snorby/PP

This is an unusual, at least for me, place as i am supposed to monitor the
traffic going away from my net to the other, instead of what it is more
common that i monitor incoming traffic to my severs.

So my doubt is how should i configure the Network variables.

My net = 10.11.0.0/24 - HOME_NET
Client = !HOME_NET - EXTERNAL_NET

That is the approach i took. the same as if the servers were on my net; but
that aint the case as i have the clients/users on my NET, and all
services(web, proxy, inet) are on their side. I was thinking on swapping
the values.

Thanks for any tip you can provide!
Cheers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130604/d60cb3c1/attachment.html>


More information about the Snort-users mailing list