[Snort-users] Snort does not detect attacks

waldo kitty wkitty42 at ...14940...
Sat Feb 22 19:39:33 EST 2014


On 2/22/2014 3:45 PM, Michal Šutta wrote:
> # Setup the network addresses you are protecting
>
> ipvar HOME_NET 192.168.1.0/24 <http://192.168.1.0/24>
>
> # Set up the external network addresses. Leave as "any" in most situations
> ipvar EXTERNAL_NET any
>

these two are conflicting... specifically, EXTERNAL_NET is including your 
HOME_NET range within it... you need to fix that... as a guess, at least

ipvar EXTERNAL_NET !$HOME_NET

so that HOME_NET is not included in that blanket "any" range"...

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list