Quoting Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]):
>
> Hi Christian, I have concerns for some of the changes proposed. More
> specifically:
>
> - If you want you can specify 'any', to not trust any side of the network.
> + If you specify 'any', Snort will listen on all available networks.
>
> The problem is that the 'snort/address_range' is actually the definition of
> $HOME_NET. This is the definition of the local network, i.e. the internal
> network that might be attacked from the outside. Snort uses this information
> to filter out traffic. Traffic that is destined to other network ranges is
> filtered out and those are considered "trusted" addresses.
>
> This template might better be written as:
>
> _Description: Address range for the local network:
>
> And remove the above line.
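
Review bot: in the '+' line, "Snort will listen on all available networks" still describes the value as a listening scope, while the closing paragraph of the same template says the value is used as the HOME_NET definition. Suggest wording 'any' in HOME_NET terms, or dropping the line if the short description becomes "Address range for the local network:", so the template does not describe one setting in two different ways.
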
Well, the entire template is pretty big, so I'd like to be sure about
what you propose. We had:

Template: snort{PACKAGE}/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range that Snort will listen on:
 Please use the CIDR form - for example, 192.168.1.0/24 for a block of
 256 addresses or 192.168.1.42/32 for just one. Multiple values should
 be comma-separated (without spaces).
 .
 If you specify 'any', Snort will listen on all available networks.
 .
 Please note that if Snort is configured to use multiple interfaces,
 it will use this value as the HOME_NET definition for all of them.

Do you propose:

Template: snort{PACKAGE}/address_range
Type: string
Default: 192.168.0.0/16
_Description: Address range for the local network:
 Please use the CIDR form - for example, 192.168.1.0/24 for a block of
 256 addresses or 192.168.1.42/32 for just one. Multiple values should
 be comma-separated (without spaces).
 .
 Please note that if Snort is configured to use multiple interfaces,
 it will use this value as the HOME_NET definition for all of them.

This omits the explanation about 'any', doesn't it?
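
The following is an added example, not part of the message above and not code from the snort package: it checks an answer against the format the template describes (CIDR entries, comma-separated without spaces, or 'any') and shows what the answer means once it is read as HOME_NET. The function names, the rule that 'any' cannot be mixed with other entries, and the `var HOME_NET` rendering in Snort 2.x snort.conf syntax are assumptions of this example.

```python
import ipaddress

def parse_address_range(value):
    """Return 'any' or a list of networks for a snort/address_range answer."""
    if value == "any":
        return "any"
    if any(ch.isspace() for ch in value):
        raise ValueError("entries must be comma-separated without spaces")
    nets = []
    for item in value.split(","):
        if item == "any":  # assumption: 'any' only makes sense on its own
            raise ValueError("'any' cannot be combined with other entries")
        if "/" not in item:
            raise ValueError(f"{item!r}: CIDR form needs a /prefix")
        # strict=True rejects host bits under the mask, e.g. 192.168.1.42/24
        nets.append(ipaddress.ip_network(item, strict=True))
    return nets

def home_net_line(value):
    """Render the answer as a HOME_NET variable (Snort 2.x 'var' syntax)."""
    parsed = parse_address_range(value)
    if parsed == "any":
        return "var HOME_NET any"
    text = ",".join(str(n) for n in parsed)
    return f"var HOME_NET {text}" if len(parsed) == 1 else f"var HOME_NET [{text}]"

def is_home(value, addr):
    """True if addr counts as the local (protected) network for this answer."""
    parsed = parse_address_range(value)
    if parsed == "any":
        return True  # every address is treated as local
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in parsed)

if __name__ == "__main__":
    # Constructed sample answers; 203.0.113.5 is a documentation address.
    for answer in ("192.168.0.0/16", "192.168.1.0/24,192.168.1.42/32", "any"):
        print(home_net_line(answer), "| 203.0.113.5 local?",
              is_home(answer, "203.0.113.5"))
```

With 'any', no address falls outside HOME_NET, which is the distinction between "local network" and "listen on" that the thread is about.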

