Re: [Snort-users] Snort.conf variables
This is a discussion on Re: [Snort-users] Snort.conf variables within the Snort forums, part of the System Security and Security Related category; Hi, Snort is running on eth0 (external NIC) I use NAT with only C class IPs for local network. >&...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-11-2003
|
|||
|
|||
Re: [Snort-users] Snort.conf variables
Hi,
Snort is running on eth0 (external NIC) I use NAT with only C class IPs for local network. >> What are HOME_NET and EXTERNAL_NET defined as relative to your network? - Sorry what you mean? And I want to pick up inbound attacks and outbound attacks on eth0. Thanks Regards Remus ----- Original Message ----- From: "Matt Kettler" <mkettler@evi-inc.com> To: "Remus" <rmocius@auste.elnet.lt>; <snort-users@lists.sourceforge.net> Sent: Monday, November 10, 2003 11:08 PM Subject: Re: [Snort-users] Snort.conf variables > At 11:16 AM 11/10/2003, Remus wrote: > >Just my small confusion regarding HOME_NET and EXTERNAL_NET variables. > > > >I have a Linux firewall which one runs Snort as well: > > > >eth0 - external network > >eth1 - local network > > > >And it has port forwards to web, smtp servers in the local network. > > > >Now my question is which one variables I have to use for my eth0 and eth1? > > Given your question, there's no possible answer. And quite frankly, the > real answer may be "neither". Snort configuration depends on a lot more > than just what your router interfaces are. > > What interface is snort running on, eth0 or eth1? > Is there address translation going on? > What are HOME_NET and EXTERNAL_NET defined as relative to your network? > Are you looking to pick up inbound attacks, outbound attacks, or both? > > > > ------------------------------------------------------- > This SF.Net email sponsored by: ApacheCon 2003, > 16-19 November in Las Vegas. Learn firsthand the latest > developments in Apache, PHP, Perl, XML, Java, MySQL, > WebDAV, and more! http://www.apachecon.com/ > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users > ------------------------------------------------------- This SF.Net email sponsored by: ApacheCon 2003, 16-19 November in Las Vegas. Learn firsthand the latest developments in Apache, PHP, Perl, XML, Java, MySQL, WebDAV, and more! http://www.apachecon.com/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
