Pantek Library

[Snort-users] HOME_NET and EXTERNAL_NET snort.conf

From: Allan Dover <allan(at)redwoods.ca>
Date: Wed Apr 09 2003 - 11:54:57 EDT


Hello Everyone !

In my config I have Snort 2.0.rc3 --with mysql and ACID 0.9.6.b23, RH 8.0 patched, as a bridged firewall. ETH0 and ETH1 comprise the bridge BRIDGE. snort.conf has been configured as so:

HOME_NET is my LAN 192.168.0.0/26, which would give me 192.168.0.1 - 192.168.0.62
EXTERNAL_NET is WAN 192.168.254.14 (router's address). Correct?
var DNS 192.168.0.5
var HTTP etc...

###    ##########    #####     #####      --DNS 192.168.0.5
DSL    ETH0-ETH1     Router    Clients    --WEB 192.168.0.30
###    ##########    #####     #####      --DNS 192.168.0.30

I used to use Snort without filling in the var DNS, HTTP and network portions. I was seeing DNS zone transfers and so on. Now I don't see the DNS zone transfers, and want to make sure that is what is supposed to happen.
I also set up a firewall to filter out some of the nasty stuff, which I don't think is working 100% the way I wanted, but I digress. My ultimate goal is to block my users from surfing porn at work, and limit P2P programs. So far Guardian seems best for this from my reading; I have also been told about snortsam. (Do I need Flex Resp?)

Plus my understanding of setting up the HOME_NET and EXTERNAL_NET is sketchy. I have read the FAQ and Snort Docs.

Any Insight on this would be greatly appreciated.

Allan Dover

Received on Wed Apr 9 12:00:57 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 11:51:05 EDT
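
An added example (not part of the original post or of Snort itself): a small Python model of how the HOME_NET and EXTERNAL_NET values from the message change which packets can match a rule header. The header shape `alert tcp $EXTERNAL_NET any -> $HOME_NET 53`, the `any` and `!$HOME_NET` alternatives, and the sample packets are assumptions constructed for illustration.

```python
import ipaddress

def in_var(addr, var, variables):
    """Evaluate a Snort-style address value: 'any', '!X', '$NAME', or an address/CIDR."""
    if var == "any":
        return True
    if var.startswith("!"):
        return not in_var(addr, var[1:], variables)
    if var.startswith("$"):
        return in_var(addr, variables[var[1:]], variables)
    return ipaddress.ip_address(addr) in ipaddress.ip_network(var, strict=False)

def header_matches(src, dst, dport, variables):
    # Assumed rule header: alert tcp $EXTERNAL_NET any -> $HOME_NET 53
    return (dport == 53
            and in_var(src, "$EXTERNAL_NET", variables)
            and in_var(dst, "$HOME_NET", variables))

def usable_range(cidr):
    """First and last host address of a network (network/broadcast excluded)."""
    hosts = list(ipaddress.ip_network(cidr).hosts())
    return str(hosts[0]), str(hosts[-1])

HOME = "192.168.0.0/26"  # HOME_NET value from the message
CONFIGS = {
    "any":            {"HOME_NET": HOME, "EXTERNAL_NET": "any"},
    "router address": {"HOME_NET": HOME, "EXTERNAL_NET": "192.168.254.14"},
    "!$HOME_NET":     {"HOME_NET": HOME, "EXTERNAL_NET": "!$HOME_NET"},
}
# Constructed sample packets: (source, destination, destination port)
PACKETS = [
    ("203.0.113.7",    "192.168.0.5", 53),  # outside host (documentation range) -> DNS server
    ("192.168.254.14", "192.168.0.5", 53),  # router's own address -> DNS server
    ("192.168.0.40",   "192.168.0.5", 53),  # LAN client -> DNS server
]

def evaluate():
    """Map each EXTERNAL_NET setting to a per-packet list of header matches."""
    return {name: [header_matches(s, d, p, v) for s, d, p in PACKETS]
            for name, v in CONFIGS.items()}

if __name__ == "__main__":
    print("HOME_NET hosts:", usable_range(HOME))
    for name, hits in evaluate().items():
        print(f"EXTERNAL_NET={name:15} matches={hits}")
```

With EXTERNAL_NET set to a single address, only packets whose source is exactly that address can satisfy the header, so traffic from any other outside source is never evaluated against such rules.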
