Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: MarK on September 29, 2002, 09:04:55 PM

Title: Using Snort/Guardian
Post by: MarK on September 29, 2002, 09:04:55 PM
I've installed Snort/Acid/Guardian from http://www.marari.net/downloads/snort/acid-howto.htm

Few questions:

1) Guardian is only blocking DOS MSDTC attempts.  How do I get it to block other alerts?  90% of my traffic is ICMP traffic and I am seeing a lot of "ICMP PING speedera" alerts not being blocked.

2) $HOME_NET in /etc/snort/snort.conf is defined as [127.0.0.1/32,192.198.1.0/24,131.192.41.12/32].  Is this correct?  Should the external IP 131.192.41.12 (which is my gateway) be included?

3) How do I update snort.conf?  The beginning of /etc/snort/snort.conf tells me "DO NOT MODIFY THID FILE"

TIA

Mark

Title: Re: Using Snort/Guardian
Post by: Tom Veitch on September 30, 2002, 01:15:57 AM
I changed my snort config

and where it had
$HOME_NET whatever it had

to
$HOME_NET any

This works.