[Snort-users] snort.conf: HOME_NET value for AWS EC2 instance

Al Lewis (allewi) allewi at ...589...
Fri Feb 3 12:21:15 EST 2017


Probably 172.31.39.0/24 (or that hosts specific IP if its the only machine you are worried about).


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...<mailto:allewi at ...589...>

From: Paul Li <paul at ...17768...<mailto:paul at ...17768...>>
Date: Friday, February 3, 2017 at 12:01 PM
To: allewi <allewi at ...589...<mailto:allewi at ...589...>>
Cc: 'snort-users' <snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>>
Subject: Re: [Snort-users] snort.conf: HOME_NET value for AWS EC2 instance

Thanks Al. My EC2 instance internal IP is inet addr:172.31.39.xxx. Should I in the case use 172.31.0.1/12<http://172.31.0.1/12> as the HOME_NET?

Thanks,
Paul

On Fri, Feb 3, 2017 at 11:38 AM, Al Lewis (allewi) <allewi at ...589...<mailto:allewi at ...589...>> wrote:
Probably needs to be a 172.16.0.0/12<http://172.16.0.0/12> address since I think that’s the default for private VPC’s.

But that it all depends on your addressing scheme and the resources you are trying to protect.


Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi at ...589...<mailto:allewi at ...589...>

From: Paul Li <paul at ...17768...<mailto:paul at ...17768...>>
Date: Friday, February 3, 2017 at 10:01 AM
To: 'snort-users' <snort-users at lists.sourceforge.net<mailto:snort-users at lists.sourceforge.net>>
Subject: [Snort-users] snort.conf: HOME_NET value for AWS EC2 instance

For Snort deployed on an AWS EC2, what value should be for HOME_NET  the snort.conf configuration?

Thanks,
Paul

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170203/ea55650b/attachment.html>


More information about the Snort-users mailing list