Re: [Snort-users] Snort on home DSL connection
This is a discussion on Re: [Snort-users] Snort on home DSL connection within the Snort forums, part of the System Security and Security Related category; On Wed, 24 Dec 2003, Bell, Josh wrote: > Another Snort newb here... > > I've set up a ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-25-2003
|
|||
|
|||
Re: [Snort-users] Snort on home DSL connection
On Wed, 24 Dec 2003, Bell, Josh wrote:
> Another Snort newb here... > > I've set up a Snort box at home so I can have an 'expendable' box to > experiment and learn on. I have an SBC DSL connection. The DSL line > runs into my DSL modem, from there to a little hub, and from there to a > Linksys-type router/firewall, where my machines are connected. It's a > PPPoE DSL connection so my IP can and does change rather frequently. > > On my Snort box, eth0 is connected to the 'inside' network with an > RFC1918 address and eth1 is connected to the hub in promiscuous mode. > It receives all traffic that hits the hub, the only problem I have is I > don't know how to set the HOME_NET variable. I can't use eth0's IP > because that's just a 192.168 address. Eth1 has no IP and I don't want > to statically plug in in there. Can I use a DNS name? I have a DYNDNS > account which in theory is updated regularly and should be the IP of my > router. If not, is there some way of telling it to use whatever IP is > currently assigned to a particular MAC? Use the 192.158.x.x address as HOME_NET. After all you're looking to see what is coming from the internet (var EXTERNAL_NET !$HOME_NET) that's coming at you (PPPoE). Since Snort doesn't handle PPPoE that well, you're better off to listen to the 'inside' interface (192.168.x.x) and see what's passing "thru" the router/gateway. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
