Snort mailing list archives
Re: Use dyndns to ignore my ip
From: Kevin Ross <kevross33 () googlemail com>
Date: Fri, 15 Feb 2013 15:03:19 +0000
Depends on your setup. Ideally you should monitor the inside of your network (like behind firewall) so you only see stuff really getting in which would mean this is a problem as you can just set your internal network as the $HOME_NET variable. However, if you want to see outside or you are using a software firewall with it included (like pfsense although this should autowhitelist your IP) you can perhaps look at your current IP in a whois query. This hopefully should point to your ISP and give you their ranges which you can add to your $HOME_NET variable. Obviously you will miss anything coming from their ranges now though as a downside. Unfortunately DYNDNS type services won't work as snort whitelists are done by IP. May I ask about your setup? Have you build a sensor from scratch like using security onion or built yourself or are you using software on something like PFsense, untangle etc?). Also is this a home or business type network you want to monitor. On 15 February 2013 08:47, Andy <a_w_smith () yahoo co uk> wrote:
Hi, Is it possible to use dyndns to ignore my ip address (which changes) I keep getting alerts that I want to suppress from just my ip. Thanks, Andy ------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Free Next-Gen Firewall Hardware Offer Buy your Sophos next-gen firewall before the end March 2013 and get the hardware for free! Learn more. http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Use dyndns to ignore my ip Andy (Feb 15)
- Re: Use dyndns to ignore my ip Kevin Ross (Feb 15)
- Re: Use dyndns to ignore my ip Jefferson, Shawn (Feb 15)
- Re: Use dyndns to ignore my ip Jeremy Hoel (Feb 15)
- Re: Use dyndns to ignore my ip waldo kitty (Feb 15)
- Re: Use dyndns to ignore my ip Jeremy Hoel (Feb 15)
- Re: Use dyndns to ignore my ip waldo kitty (Feb 15)
- Re: Use dyndns to ignore my ip Jeremy Hoel (Feb 15)
- Re: Use dyndns to ignore my ip Jeremy Hoel (Feb 15)