Snort mailing list archives
Re: My Snort IDS Sensor Detected Nessus Vulnerability Scan
From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 19 Apr 2014 10:54:51 -0400
On 4/19/2014 6:38 AM, Teo En Ming wrote:
> Dear Eric G,
>
> I added my internet-facing IP address to HOME_NET but alerts did not increase tremendously. Here is my newly modified HOME_NET variable:
>
> ipvar HOME_NET [192.168.1.0/24,175.156.117.62]
>
> Please note that my internet-facing IP address is dynamic. Every time it changes, I would have to modify snort.conf accordingly.

you can easily take care of that by using an include file that is updated via a script every time your WAN IP changes... the script would update the include file to contain your new WAN address as well as your internal address range(s)... the script can also gather your new DNS server addresses from the ppp or dhcp connection and update those in the include file... after updating the include file, the script would then restart snort so the new addresses are being used...

eg: snort.conf

    [...]
    ###################################################
    # Step #1: Set the network variables. For more information, see README.variables
    ###################################################

    # Setup the network addresses you are protecting
    include /etc/snort/homenet.txt
    [...]

eg: homenet.txt would contain the following when updated

    ipvar HOME_NET [your.wan.ip.address/32,your.internal.address.range]
    ipvar DNS_SERVERS [8.8.8.8,8.8.4.4]

you would also need to comment out the existing DNS_SERVERS entry in your snort.conf if those might change with your dynamic IP since they are also included in the include file... you don't need to define the dns servers in the include file and update them with the script if they never change but if they do, it is important that you update them...

--
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless private contact is specifically requested and granted.
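
The update script described in the reply above, sketched as an added example that is not part of the original post or of Snort itself. The `RESTART_CMD` default, the `update_homenet` calling convention and the idea of invoking it from a DHCP or PPP hook are assumptions; the include file path and the `ipvar` lines follow the message.

```shell
#!/bin/sh
# Added example: rebuild the Snort include file when the WAN address changes.
# Assumptions: RESTART_CMD and the calling convention are hypothetical; the
# caller (e.g. a DHCP or PPP hook) supplies the new addresses as arguments.
HOMENET_FILE="${HOMENET_FILE:-/etc/snort/homenet.txt}"
RESTART_CMD="${RESTART_CMD:-service snort restart}"  # adjust for your init system

# Succeed only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 = WAN IP, $2 = internal range(s), $3 = DNS servers (optional, comma separated)
render_homenet() {
    printf 'ipvar HOME_NET [%s/32,%s]\n' "$1" "$2"
    if [ -n "$3" ]; then printf 'ipvar DNS_SERVERS [%s]\n' "$3"; fi
}

# Validate, write atomically, and restart Snort only if the file changed.
update_homenet() {
    valid_ipv4 "$1" || { echo "invalid WAN address: $1" >&2; return 2; }
    # Addresses from DHCP/PPP are untrusted: allow only digits, dots, slashes, commas.
    case "$2$3" in *[!0-9./,]*) echo "invalid range or DNS list" >&2; return 2 ;; esac
    [ -n "$2" ] || return 2
    tmp="$HOMENET_FILE.tmp.$$"
    render_homenet "$1" "$2" "$3" > "$tmp" || return 1
    if [ -f "$HOMENET_FILE" ] && cmp -s "$tmp" "$HOMENET_FILE"; then
        rm -f "$tmp"
        return 0                      # nothing changed, keep Snort running
    fi
    mv "$tmp" "$HOMENET_FILE" || return 1   # rename is atomic on one filesystem
    $RESTART_CMD
}

# Run only when called with arguments, e.g. from a DHCP client hook.
if [ "$#" -ge 2 ]; then update_homenet "$@"; fi
```

Skipping the restart when the rendered file is identical matters on links that renew their lease often, because every Snort restart is a window in which traffic goes uninspected.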