OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Vadim Pushkin (wiskbroomhotmail.com)
Date: Wed May 08 2002 - 14:59:22 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    My apologies to the list, I had a mismatch in versions for
    rules vs my config file. All seems OK now except for my var
    definition of my HTTP_SERVERS, I will post another msg
    separately.

    Thanks,

    V

    >From: Matt Kettler <mkettlerevi-inc.com>
    >To: "Vadim Pushkin" <wiskbroomhotmail.com>
    >CC: levi-inc.com.snort-userslists.sourceforge.net
    >Subject: Re: [Snort-users] Snort IGNORES var HOME_NET
    >Date: Wed, 08 May 2002 14:13:27 -0400
    >
    >Could you show the exact line you used for var EXTERNAL_NET?
    >
    >Did you accidentally forget the $ in the EXTERNAL_NET line?
    >
    >You should have this:
    >
    >var HOME_NET [192.168.1.0/24,10.10.0.0/16]
    >
    >var EXTERNAL_NET !$HOME_NET
    >
    >
    >I suspect (educated guess only) that you have this:
    >
    >var EXTERNAL_NET !HOME_NET
    >
    >Which is not the same.
    >
    >I did this on my setup and it works fine:
    >
    >var HOME_NET [10.xx.0.0/16,192.168.xx.0/24,192.168.xx.0/24,192.168.xx.0/24]
    >
    >var EXTERNAL_NET !$HOME_NET
    >
    >Pardon the xx's, hiding some minor details about the inside of my network
    >which really don't need to be hidden, but I'm using a little bit of
    >paranoia.
    >
    >At 02:15 PM 5/8/2002 +0000, Vadim Pushkin wrote:
    >>I've done this, and defined my HOME_NET to be
    >>the following:
    >>
    >>var HOME_NET [192.168.1.0/24,10.10.0.0/16]
    >>
    >>And I now get:
    >>
    >>May 8 10:06:21 hostname-1 snort: FATAL ERROR: ERROR
    >>/snort/rules/bad-traffic.rules (11) => Couldn't resolve hostname HOME_NET
    >

    _________________________________________________________________
    Join the world’s largest e-mail service with MSN Hotmail.
    http://www.hotmail.com

    _______________________________________________________________

    Have big pipes? SourceForge.net is looking for download mirrors. We supply
    the hardware. You get the recognition. Email Us: bandwidthsourceforge.net
    _______________________________________________
    Snort-users mailing list
    Snort-userslists.sourceforge.net
    Go to this URL to change user options or unsubscribe:
    https://lists.sourceforge.net/lists/listinfo/snort-users
    Snort-users list archive:
    http://www.geocrawler.com/redir-sf.php3?list=snort-users