Yes, this is a total newbie question, but I figured this is the right
place to ask it. What is the purpose of the HOME_NET and EXTERNAL_NET
variables that are defined in snort.conf? Does it change the formatting
of the alerts? Or perhaps turn off the scanning of packets originating
from an internal network? Or something else?

I would imagine this would be a fairly straightforward process to define
them if one had an extremely simple network architecture. But my
ultimate aim is to be able to monitor 3 or 4 networks. In such a case,
what is considered "home" and what is "external"?

Any guidance would be much appreciated.

Gary

_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]