Patrick.MullenGD-CS.COM

• Next message: Ralf Hildebrandt: "[snort] Anybody got a clue"
• Previous message: John Wilson: "[snort] Scripting Snort (sort of)"
• Next in thread: Martin Roesch: "Re: [snort] networks under different CIDR blocks"
• Maybe reply: Mullen, Patrick: "RE: [snort] networks under different CIDR blocks"
• Reply: Martin Roesch: "Re: [snort] networks under different CIDR blocks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > Do I see a request for multiple network protection
> > within SPP? Anyone? Anyone?
>
> That would be nice, but then again, people may be running two snorts
> anyway instead of doubling/tripling the rules. It would be
> nice to have

Very true, but SPP would have to be modified to read in
multiple networks for when the functionality to list
multiple HOME_NETs anyway, so it's something that
must be done.

I haven't looked at code outside of SPP in a while, but
the new IsHomenet() (or whatever) function should make
multiple homenets easy to code. A single call to the
[correctly named] function would do all checks through
the list of networks. Has this work been done yet? I
know it had been mentioned not to long ago, but
unfortunately I'm a few versions behind at the moment.

Personally, now that I've learned more about my own
setup, I'd like to monitor my outside connection as
well as 192.168.1.0/24 on the same snort.

Thanks,

~Patrick

• Next message: Ralf Hildebrandt: "[snort] Anybody got a clue"
• Previous message: John Wilson: "[snort] Scripting Snort (sort of)"
• Next in thread: Martin Roesch: "Re: [snort] networks under different CIDR blocks"
• Maybe reply: Mullen, Patrick: "RE: [snort] networks under different CIDR blocks"
• Reply: Martin Roesch: "Re: [snort] networks under different CIDR blocks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]