Snort mailing list archives

Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan


From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 19 Apr 2014 10:54:51 -0400

On 4/19/2014 6:38 AM, Teo En Ming wrote:
> Dear Eric G,
>
> I added my internet-facing IP address to HOME_NET but alerts did not increase
> tremendously. Here is my newly modified HOME_NET variable:
>
> ipvar HOME_NET [192.168.1.0/24,175.156.117.62]
>
> Please note that my internet-facing IP address is dynamic. Every time it
> changes, I would have to modify snort.conf accordingly.

you can easily take care of that by using an include file that is updated via a 
script every time your WAN IP changes... the script would update the include 
file to contain your new WAN address as well as your internal address 
range(s)... the script can also gather your new DNS server addresses from the 
ppp or dhcp connection and update those in the include file... after updating 
the include file, the script would then restart snort so the new addresses are 
being used...

eg: snort.conf
[...]
###################################################
# Step #1: Set the network variables.  For more information, see README.variables
###################################################

# Setup the network addresses you are protecting
include /etc/snort/homenet.txt
[...]


eg: homenet.txt would contain the following when updated
ipvar HOME_NET [your.wan.ip.address/32,your.internal.address.range]
ipvar DNS_SERVERS [8.8.8.8,8.8.4.4]


you would also need to comment out the existing DNS_SERVERS entry in your 
snort.conf if those might change with your dynamic IP since they are also 
included in the include file... you don't need to define the dns servers in the 
include file and update them with the script if they never change but if they 
do, it is important that you update them...



-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
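
The include-file update described in the reply above, as an added example that is not part of the original post. The file paths, the INTERNAL_NET default, the restart command and the hook calling convention are assumptions; the script validates the addresses it is handed and has Snort test the configuration (-T) before restarting.

```shell
#!/bin/sh
# Added example. Paths, INTERNAL_NET and RESTART_CMD are assumptions for your sensor.
HOMENET_FILE="${HOMENET_FILE:-/etc/snort/homenet.txt}"
SNORT_CONF="${SNORT_CONF:-/etc/snort/snort.conf}"
INTERNAL_NET="${INTERNAL_NET:-192.168.1.0/24}"
RESTART_CMD="${RESTART_CMD:-service snort restart}"

# Strict dotted-quad check: DHCP/PPP-supplied values must not reach the config unvalidated.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the include file for WAN_IP ($1) and an optional comma-separated DNS list ($2).
render_homenet() {
    is_ipv4 "$1" || return 1
    if [ -n "${2:-}" ]; then
        case "$2" in *[!0-9.,]*|,*|*,|*,,*) return 1 ;; esac
        for dns in $(printf '%s' "$2" | tr ',' ' '); do
            is_ipv4 "$dns" || return 1
        done
    fi
    printf 'ipvar HOME_NET [%s/32,%s]\n' "$1" "$INTERNAL_NET"
    [ -z "${2:-}" ] || printf 'ipvar DNS_SERVERS [%s]\n' "$2"
}

# Returns 0 if the file changed, 1 if it was already current, 2 on invalid input.
update_homenet() {
    tmp="$HOMENET_FILE.new"
    render_homenet "$1" "${2:-}" > "$tmp" || { rm -f "$tmp"; return 2; }
    if [ -f "$HOMENET_FILE" ] && cmp -s "$tmp" "$HOMENET_FILE"; then rm -f "$tmp"; return 1; fi
    [ -f "$HOMENET_FILE" ] && cp -p "$HOMENET_FILE" "$HOMENET_FILE.bak"
    mv "$tmp" "$HOMENET_FILE"
}

# Hook usage (assumed): update-homenet.sh <wan_ip> [dns1,dns2]
if [ $# -ge 1 ]; then
    rc=0; update_homenet "$1" "${2:-}" || rc=$?
    case $rc in 1) exit 0 ;; 2) echo "invalid address, file untouched" >&2; exit 1 ;; esac
    # Have Snort test the config before restarting; restore the backup if it is rejected.
    if snort -T -c "$SNORT_CONF" >/dev/null 2>&1; then $RESTART_CMD; exit $?; fi
    [ -f "$HOMENET_FILE.bak" ] && mv "$HOMENET_FILE.bak" "$HOMENET_FILE"
    exit 1
fi
```

Snort keeps using the old HOME_NET until it is restarted, so the restart only happens when the rendered file actually differs from the one on disk.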
