[ILUG] Snort config - newbie question.

Conall O'Brien conall+ilug at conall.net
Fri Dec 16 13:14:31 GMT 2005


On Fri, Dec 16, 2005 at 01:06:09PM GMT, Declan Grady 
<Declan.Grady at nuvotem.com> incoherently babbled:

> This is the bit I'm lost in ...  my local lan is 192.168.0.xxx , my 
> external fixed ip address is yyy.yyy.yyy.yyy
> Which should I use as my DEBIAN_SNORT_HOME_NET

You declare the home network to tell snort not to flag internal traffic
as suspicious.


Since your local lan is 192.168.0.xxx, you can say 192.168.0.0/24. You
don't need to add your external IP to the list; how often will traffic
from your external IP number be going to your external IP number?


Your server is doing the NAT process for you, I suspect. Since it's
aware of your internal network, snort isn't performing on the other
side of your NAT setup.

-- 

Conall O'Brien

+353 (0)87 9194139 | http://www.conall.net

GPG Key: http://www.conall.net/gpg/

Program (n.):

    1. A magic spell cast over a computer allowing it to turn one's 
		 input into error messages.
    2. An exercise in experimental epistemology.
    3. A form of art, ostensibly intended for the instruction of 
		 computers, which is nevertheless almost inevitably a failure if 
		 other programmers can't understand it.
       
												Eric S. Raymond - The Jargon File


