[Oisf-users] (no subject)
Leonard Jacobs
ljacobs at netsecuris.com
Fri Jun 14 18:09:25 UTC 2013
The problem is you have both of those IP addresses in the same subnet with 192.168.50.0/24 so 192.168.50.1 is not in your EXTERNAL_NET.
Are you trying to trigger on outbound traffic?
Is HOST A on one interface and HOST B on another interface? Where is HOST B trying to send traffic to?
From: oisf-users-bounces at openinfosecfoundation.org [mailto:oisf-users-bounces at openinfosecfoundation.org] On Behalf Of mouna amani
Sent: Friday, June 14, 2013 1:07 PM
To: oisf-users at openinfosecfoundation.org
Subject: [Oisf-users] (no subject)
Here is the deal: I am a beginner with IPS and everything.
I have a Host A with IP 192.168.50.3
and a Host B with IP 192.168.50.1.
Host B sometimes sends good traffic and sometimes attacks.
I set HOME_NET:192.168.50.0/24
and EXTERNAL_NET: "!$HOME_NET"
If my Host B decides to send bad traffic, will the IPS generate an alert?
(I did not change the rules to drop.)
Or should I set EXTERNAL_NET to any?
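
As an added illustration (not part of the original thread and not Suricata's own code), this Python sketch models how a rule header's source and destination are tested against the address variables from the question, for traffic from Host B to Host A. The function names, the list of rule headers, and the simplified variable syntax (a single value, `!` negation, `$VAR` references, IPv4 only) are assumptions.

```python
import ipaddress

# Constructed settings: the pair from the question, and the "any" alternative.
VARS_THREAD = {"HOME_NET": "192.168.50.0/24", "EXTERNAL_NET": "!$HOME_NET"}
VARS_ANY = {"HOME_NET": "192.168.50.0/24", "EXTERNAL_NET": "any"}

# Constructed (source, destination) pairs as they appear in rule headers.
HEADERS = [
    ("$EXTERNAL_NET", "$HOME_NET"),
    ("$HOME_NET", "$EXTERNAL_NET"),
    ("$HOME_NET", "$HOME_NET"),
    ("any", "any"),
]

def expand(value, variables):
    """Resolve a simplified address value into (negated, network)."""
    value = value.strip()
    negated = value.startswith("!")
    if negated:
        value = value[1:]
    if value.startswith("$"):
        # A negated reference to a negated variable cancels out.
        inner_negated, net = expand(variables[value[1:]], variables)
        return negated != inner_negated, net
    if value == "any":
        return negated, ipaddress.ip_network("0.0.0.0/0")
    return negated, ipaddress.ip_network(value, strict=False)

def in_group(ip, value, variables):
    """True when ip belongs to the address group named by value."""
    negated, net = expand(value, variables)
    return (ipaddress.ip_address(ip) in net) != negated

def matching_headers(src, dst, variables):
    """Headers whose source AND destination groups both contain the packet."""
    return [
        (s, d) for s, d in HEADERS
        if in_group(src, s, variables) and in_group(dst, d, variables)
    ]

if __name__ == "__main__":
    host_b, host_a = "192.168.50.1", "192.168.50.3"
    for name, variables in (("!$HOME_NET", VARS_THREAD), ("any", VARS_ANY)):
        print("EXTERNAL_NET =", name)
        for header in matching_headers(host_b, host_a, variables):
            print("   matches: %s any -> %s any" % header)
```

With the settings from the question, only headers that do not depend on `$EXTERNAL_NET` can match Host B's traffic, which is the point the reply makes about 192.168.50.1 not being in EXTERNAL_NET.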