Snort: Don't Automatically Add Internal Subnets
jwbrown77 last edited by
Is there a way to configure Snort to use a HOME_NET that only includes the subnets I designate as the HOME_NET?
Our PCI auditor wants the IDS to run on internal interfaces, not on external. This means I need to figure out how to get the internal subnets the firewall is aware of to stop ignoring inspection with Snort. As far as I can tell, anything in the HOME_NET is automatically ignored.
I tried creating a new "homenet" NETLIST and setting that as the HOME_NET in the GUI, but it is still adding the internal subnets automatically.