|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Tim Kramer (kramert
mlrnoc.navy.mil)Date: Thu Nov 01 2001 - 21:18:37 CST
I'm a total newbie at this also but, in reading the docs, would
take a wild guess and suggest putting your networks in brackets
such as [192.168.2.0/24,10.0.0.0/3,172.9.3.0/8] when defining
$HOME_NET. You can then use the variable in your rules as in
alert tcp any any -> $HOME_NET 25 (.........
when watching for mail coming into you networks.
- Tim
On Thu, 2001-11-01 at 13:59, Merrick, Gary wrote:
> Yes, this is a total newbie question, but I figured this is the right
> place to ask it. What is the purpose of the HOME_NET and EXTERNAL_NET
> variables that are defined in snort.conf? Does it change the formatting
> of the alerts? Or perhaps turn off the scanning of packets originating
> from an internal network? Or something else?
>
> I would imagine this would be a fairly straightforward process to define
> them if one had an extremely simple network architecture. But my
> ultimate aim is to be able to monitor 3 or 4 networks. In such a case,
> what is considered "home" and what is "external"?
>
> Any guidance would be much appreciated.
>
> Gary
>
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]