|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Fyodor (fygrave
tigerteam.net)Date: Wed Mar 28 2001 - 13:24:29 CST
On Wed, Mar 28, 2001 at 08:07:10PM +0100, James Pattinson wrote:
> Hi
>
> $HOME_NET is set to my network, 193.195.220.112/28.
> (my netmask is 255.255.255.240)
>
> However, I still get alerts for activity within my local net, ie:
>
> 03/28-20:03:22.616533 [**] IDS126 - Outgoing Xterm [**]
> 193.195.220.121:6000 -> 193.195.220.114:35814
>
> How can I fix this? the rule for this alert specifies
> $EXTERNAL_NET 6000:6005 -> $HOME_NET
>
> and the alert clearly relates to HOME_NET --> HOME_NET.
>
Hmm.. and what is your EXTERNAL_NET definition like? :)
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]