Re: No HOME_NET In SMTP/FTPTELNET Preprocs

You can use a variable to define a single address (can't be 'any'
or a CIDR block) for the server configuration of the smtp and
ftp/telnet preprocessors.

However, there isn't an easy way to use a variable to define the
servers as a list of addresses or a network.

FYI, This is the case with Http Inspect as well...

It is a known issue and to address it requires a fairly involved
rework of the Snort parser and configuration language.

Cheers.
-steve

Bamm Visscher wrote:
> One thing I've noticed is there doesn't seem to be a way to define a
> HOME_NET (or SMTP_SERVERS or FTP/TELENET_SERVERS) in these two
> preprocessors. Many of the benign triggers I am seeing are outbound
> and it'd be nice to ignore those w/o having to use suppress.
> 
> Bammkkkk
> 
> 


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642