Koozali.org: home of the SME Server
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Using Snort/Guardian
« previous next »
Pages: [1]   Go Down

Using Snort/Guardian

  • 1 Replies
  • 799 Views

MarK

Using Snort/Guardian
« on: September 29, 2002, 09:04:55 PM »
I've installed Snort/Acid/Guardian from http://www.marari.net/downloads/snort/acid-howto.htm

Few questions:

1) Guardian is only blocking DOS MSDTC attempts.  How do I get it to block other alerts?  90% of my traffic is ICMP traffic and I am seeing a lot of "ICMP PING speedera" alerts not being blocked.

2) $HOME_NET in /etc/snort/snort.conf is defined as [127.0.0.1/32,192.198.1.0/24,131.192.41.12/32].  Is the correct?  Should the external IP 131.192.41.12 (which is my gateway) be included?

3) How do I update snort.conf?  The beginning of /etc/snort/snort.conf tells me "DO NOT MODIFY THID FILE"

TIA

Mark
Logged

Tom Veitch

Re: Using Snort/Guardian
« Reply #1 on: September 30, 2002, 01:15:57 AM »
I Changed my snort config

and where is had
$home_NET  what ever it had

to
$HOME_NET any

this works
Logged
Pages: [1]   Go Up
« previous next »
  1. Koozali.org: home of the SME Server
  2. Legacy Forums
  3. Experienced User Forum
  4. Topic: Using Snort/Guardian