[Snort-users] preprocessors rules
Al Lewis (allewi)
allewi at ...589...
Mon Feb 23 12:16:29 EST 2015
You can read on the preprocessors here: http://manual.snort.org/node17.html
The packet is decoded then the preprocessor is run before detection.
QA Software Engineer
SOURCEfire, Inc. now part of Cisco
9780 Patuxent Woods Drive
Columbia, MD 21046
Phone: (office) 443.430.7112
Email: allewi at ...589...
From: Dan Roberts [mailto:danroberts2604 at ...11827...]
Sent: Monday, February 23, 2015 10:58 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] preprocessors rules
One of my Snort sensors (eth1) is listening to the network traffic of many VLANs, sharing the same trunk.
And although I've defined only one VLAN (IP subnet) as my HOME_NET in snort.conf,
I receive many preprocessor alarms related to other VLANs (IP subnets) without any relation to my HOME_NET.
My question: do the preprocessor rules apply to all the network traffic the sensor sees, regardless of the HOME_NET setting in snort.conf? Or is there something I missed?
Thanks in advance for your help!