OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Matt Kettler (mkettlerevi-inc.com)
Date: Fri May 03 2002 - 10:50:52 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Hmm, what is your EXTERNAL_NET specified as? by default it is set to any,
    so until you change that, you will get alerts for home - to - home attacks.

    At 09:18 AM 5/3/2002 +0000, counterpinguk2.net wrote:
    >Hiya,
    >
    >I am fairly new to the world of Snort and hopefully someone maybe able to
    >help
    >me out: (1.83 ver)
    >
    >I have set up several networks within the home_net variable under snort.conf
    >var HOME_NET
    >[64.6.189.0/24,172.16.10.0/24,10.10.60.10/24,10.10.30.0/16,192.168.10.0/24,192.1
    >68.20.0/24]
    >
    >However, SNORT seems to IGNORE these networks as my Home Networks and send
    >alarms for HOME to HOME intrusions.
    >
    >For example,
    >I am still seeing lots of alarms from my 172.16.10.0 home network to my
    >10.10.30.0 home network,
    >If a particular rule specifies EXTERNAL_NET -> HOME_NET surely I should
    >NOT get
    >alerted when the packet is sent from my home network to another home network ?
    >i.e 172.16.10.35 -----> 10.10.30.10
    >
    >Any help would be greatly appreciated
    >
    >Martin
    >
    >----------------------------------------------------------
    >This message was sent using http://uk2.net
    >NEWS - CHEAPEST DEDICATED SERVERS IN THE WORLD - 25/month
    >FREE UK DIAL 0845 609 1370 - username uk2: - password: uk2
    >UK's FREE Domains, FREE Dialup, FREE Webdesign, FREE email
    >
    >
    >
    >_______________________________________________________________
    >
    >Have big pipes? SourceForge.net is looking for download mirrors. We supply
    >the hardware. You get the recognition. Email Us: bandwidthsourceforge.net
    >_______________________________________________
    >Snort-users mailing list
    >Snort-userslists.sourceforge.net
    >Go to this URL to change user options or unsubscribe:
    >https://lists.sourceforge.net/lists/listinfo/snort-users
    >Snort-users list archive:
    >http://www.geocrawler.com/redir-sf.php3?list=snort-users

    _______________________________________________________________

    Have big pipes? SourceForge.net is looking for download mirrors. We supply
    the hardware. You get the recognition. Email Us: bandwidthsourceforge.net
    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users