nate,
I believe you just add an "alias" for the given network (so to speak).
Let's say you have a local ethernet on 10.0.0.0 and your accounting
dept. has their own subnet at 192.168.50.0. You might want to do:
localnet 10.0.0.0
accounting 192.168.50.0
Then, instead of seeing "10.0.0.0" in your routing table, you'll see the
word "localnet".
Snort shouldn't care about this... look at the "DEBIAN_SNORT_HOME_NET"
option in /etc/snort/snort.conf for defining your home network. Other
snort options are similar (and more flexible, since snort knows about
subnet masks).
--Rich
nate wrote:
>
> whats the proper format for /etc/networks in
> debian? i've never had to use this file before
> but it looks like i do now in order to use
> certain options with snort.
>
> theres no manpage on it, i looked at the solaris
> version of networks and tried to do the file that
> way but it didn't seem to work.
>
> network_name 192.168.50.0
>
> from the solaris manpage:
> Network numbers may be specified in the conventional dot
> (`.') notation using the inet_network routine from the
> Internet address manipulation library, inet(7P). Network
> names may contain any printable character other than a field
> delimiter, NEWLINE, or comment character.
> [..]
> The network database does not support subnet masks in gen-
> eral, so getnetbyaddr(3N) cannot differentiate between net-
> works of 11.128.0.0/255.192.0.0 and 11.128.0.0/255.240.0.0.
>
> nate
>
_________________________________________________________
Rich Puhek
ETN Systems Inc.
_________________________________________________________
