Rich Puhek said: > nate, > > I believe you just add an "alias" for the given network (so to > speak). Let's say you have a local ethernet on 10.0.0.0 and your > accounting dept. has their own subnet at 192.168.50.0. You might > want to do: > > localnet 10.0.0.0 > accounting 192.168.50.0 > > Then, instead of seeing "10.0.0.0" in your routing table, you'll > see the word "localnet". > > Snort shouldn't care about this... look at the > "DEBIAN_SNORT_HOME_NET" option in /etc/snort/snort.conf for > defining your home network. Other snort options are similar (and > more flexible, since snort knows about subnet masks). > thanks! seems i had it backwards.. i'll try it. as for snort, im trying to use this with the bpf filter options, which is defined outside of the snort.conf (trying to tell it to ignore outbound http traffic according to the snort FAQ). not having much luck though :(
thanks again! nate
