|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: RE: [snort] networks under different CIDR blocks
From: Mullen, Patrick (Patrick.Mullen
GD-CS.COM)Date: Fri Mar 03 2000 - 09:41:04 CST
- Next message: Andrew Diller: "Re: [snort] Beta 10.2 (w' Tru64 support) ready [CVS & WWW]"
- Previous message: Joey McAlerney: "Re: [snort] Can't get whisker scan to log"
- Next in thread: Joey McAlerney: "Re: [snort] networks under different CIDR blocks"
- Reply: Joey McAlerney: "Re: [snort] networks under different CIDR blocks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
What you can also do is rather than running two sets
of rules, run two snorts. I don't know if running
them on the same NIC would hurt or not, but I have
two snorts running, one on the external interface
checking scans from the outside and one on the
internal interface checking scans from the ... um.
outside.
But my setup is screwy. I have portforwarding set
for HTTP, SSH, POP, and IMAP so due to something I
don't totally understand, the kernel immediately
translates outside connections to the respective
ports as connections to my internal network instead
of the outside IP address (I uses IP Masq).
Do I see a request for multiple network protection
within SPP? Anyone? Anyone? Argh. Now I'm
going to HAVE to make a config file, which should
have been done long ago. :) 'Sokay, though. I
hate having to recompile so I can change scan
configurations when I'm doing testing.
Expect a new release of SPP on Monday...
~Patrick
- Next message: Andrew Diller: "Re: [snort] Beta 10.2 (w' Tru64 support) ready [CVS & WWW]"
- Previous message: Joey McAlerney: "Re: [snort] Can't get whisker scan to log"
- Next in thread: Joey McAlerney: "Re: [snort] networks under different CIDR blocks"
- Reply: Joey McAlerney: "Re: [snort] networks under different CIDR blocks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]