Re: SNORT config Question -- FROM NEWBIE --

[Erek Adams <erek () snort org>]

On Fri, 22 Aug 2003 Dave.Hartley () uk delarue com wrote:

>       I am extremley new to Linux and Snort.  I have been working in a
> pure MS world and have decided I need to broaden my horizons.

We always welcome those coming over from the Dark Side.  ;-)

[...snip...]

> Anyway my question is can I run it on my MODEM Connection??
>
> Problem is my machine is a Compaq Armada 500, Using a Win Modem...
>
> I use KPPP to dial up...

[...snip...]

Currently Snort doesn't support PPP fully.  It can recognize the packets,
but not do a full breakdown as you need.

Don't despair!  There's a patch [0] that was posted to the snort-devel
list a little while ago to enhance the PPP support.  I've not tried it as
I don't have PPP to test with.  You might want to try grabbing and
applying it to see if that will work.

And as for your 'different IP everytime you connect', just set HOME_NET
like this:

        var HOME_NET $ppp0_ADDRESS

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://marc.theaimsgroup.com/?l=snort-devel&m=106082022405240&w=2


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines
at the same time. Free trial click here:http://www.vmware.com/wl/offer/358/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users