[Snort-users] configure snort when using NAT

Al Lewis (allewi) allewi at ...589...
Thu Aug 20 09:50:12 EDT 2015


Your home net should be the address ranges of the hosts you are trying to monitor / protect. Everyone else “should” be considered external net.

Albert Lewis
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...

From: mehdi maleki [mailto:mehdimlk2003 at ...131...]
Sent: Thursday, August 20, 2015 8:04 AM
To: snort-sigs at lists.sourceforge.net ; snort-users-owner at lists.sourceforge.net ; Snort-users at lists.sourceforge.net
Subject: [Snort-users] configure snort when using NAT

i try to use cdx dataset(http://www.usma.edu/crc/SitePages/DataSets.aspx)
they mention that used NAT(network address translation) in their network.
their network topology is here:(http://www.usma.edu/crc/SiteAssets/SitePages/DataSets/CDX_2009_Network_USMA.pdf)i mix how configure HOME_NET variable in snort.conf?  should i use internal address or external address? they deliver a snort alert output file(https://drive.google.com/open?id=0B0u9Tg7udaAXd3dZVGRVWWJ1ZW8&authuser=0), but addresses in this file is different from my SO generated alert file. please help me how configure HOME & EXternal ip address in snort.conf for using this dataset

Sincerely yours Mahdi Maleki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150820/a8a79a8e/attachment.html>

More information about the Snort-users mailing list