Snort mailing list archives

Re: Use dyndns to ignore my ip

From: Kevin Ross <kevross33 () googlemail com>
Date: Fri, 15 Feb 2013 15:03:19 +0000

Depends on your setup. Ideally you should monitor the inside of your
network (like behind firewall) so you only see stuff really getting in
which would mean this is a problem as you can just set your internal
network as the $HOME_NET variable.

However, if you want to see outside or you are using a software firewall
with it included (like pfsense although this should autowhitelist your IP)
you can perhaps look at your current IP in a whois query.

This hopefully should point to your ISP and give you their ranges which you
can add to your $HOME_NET variable. Obviously you will miss anything coming
from their ranges now though as a downside.

Unfortunately DYNDNS type services won't work as snort whitelists are done
by IP. May I ask about your setup? Have you build a sensor from scratch
like using security onion or built yourself or are you using software on
something like PFsense, untangle etc?). Also is this a home or business
type network you want to monitor.




On 15 February 2013 08:47, Andy <a_w_smith () yahoo co uk> wrote:

Hi,

Is it possible to use dyndns to ignore my ip address (which changes) I keep
getting alerts that I want to suppress from just my ip.

Thanks,
Andy



------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013 
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Use dyndns to ignore my ip Andy (Feb 15)
- Re: Use dyndns to ignore my ip Kevin Ross (Feb 15)
- Re: Use dyndns to ignore my ip Jefferson, Shawn (Feb 15)
  - Re: Use dyndns to ignore my ip Jeremy Hoel (Feb 15)
    - Re: Use dyndns to ignore my ip waldo kitty (Feb 15)
    - Re: Use dyndns to ignore my ip Jeremy Hoel (Feb 15)
    - Re: Use dyndns to ignore my ip waldo kitty (Feb 15)
    - Re: Use dyndns to ignore my ip Jeremy Hoel (Feb 15)
  - Re: Use dyndns to ignore my ip waldo kitty (Feb 15)
- Re: Use dyndns to ignore my ip waldo kitty (Feb 15)