[Snort-users] HOME_NET, EXTERNAL_NET, ipvar unwanted triggered rules
DSmith at ...17880...
Fri Jun 9 12:32:01 EDT 2017
ENV: Ubuntu 16.04, Snort V 220.127.116.11, Barnyard2 V 2.1.14, PulledPork 0.7.3, BASE 1.4.5
Snort rules, pulled in from PulledPork, are being triggered from addresses within the defined HOME_NET as if they are part of the EXTERNAL_NET, which is causing unwanted alerts.
ipvar HOME_NET [192.168.1.0/24,192.168.3.0/24]
ipvar EXTERNAL_NET !$HOME_NET
alert tcp $EXTERNAL_NET any -> $HOME_NET 53.........
Can't find anything in docs or web that has solved this issue for me. Thoughts or ideas?
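Added example, not part of the original post and not Snort's own code: a small evaluator for the two ipvar lines quoted above, useful for checking whether the source address of an unwanted alert really falls inside HOME_NET as written. It assumes a simplified subset of the ipvar syntax (any, !, $VAR, bracket lists, CIDR); the function names and the sample source addresses are constructed for illustration.

```python
import ipaddress
import re

# The two ipvar lines quoted in the post.
SNORT_CONF = """\
ipvar HOME_NET [192.168.1.0/24,192.168.3.0/24]
ipvar EXTERNAL_NET !$HOME_NET
"""

def parse_ipvars(conf):
    """Return {name: raw expression} for every 'ipvar NAME EXPR' line."""
    return dict(re.findall(r"^\s*ipvar\s+(\S+)\s+(\S+)\s*$", conf, re.M))

def split_list(body):
    """Split the inside of a bracket list on top-level commas only."""
    parts, depth, cur = [], 0, ""
    for ch in body:
        depth += (ch == "[") - (ch == "]")
        if ch == "," and depth == 0:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    return parts + [cur]

def matches(expr, addr, ipvars):
    """True if addr is covered by expr (simplified ipvar semantics)."""
    expr = expr.strip()
    if expr.startswith("!"):
        return not matches(expr[1:], addr, ipvars)
    if expr == "any":
        return True
    if expr.startswith("$"):
        return matches(ipvars[expr[1:]], addr, ipvars)
    if expr.startswith("["):
        items = [i.strip() for i in split_list(expr[1:-1])]
        pos = [i for i in items if not i.startswith("!")]
        neg = [i[1:] for i in items if i.startswith("!")]
        # A list matches if any positive item matches and no negated item does.
        return ((not pos or any(matches(i, addr, ipvars) for i in pos))
                and not any(matches(i, addr, ipvars) for i in neg))
    return ipaddress.ip_address(addr) in ipaddress.ip_network(expr, strict=False)

def classify(addr, conf=SNORT_CONF):
    ipvars = parse_ipvars(conf)
    return {n: matches("$" + n, addr, ipvars) for n in ("HOME_NET", "EXTERNAL_NET")}

if __name__ == "__main__":
    for src in ("192.168.1.10", "192.168.2.5", "8.8.8.8"):  # constructed samples
        print(src, classify(src))
```

With the HOME_NET as written, an internal-looking address such as 192.168.2.5 evaluates as EXTERNAL_NET because only the .1 and .3 subnets are listed.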