[Snort-devel] Re: [Snort-users] what to do with dynamic ip hosts

Martin Roesch roesch at ...48...
Mon Oct 2 13:48:26 EDT 2000


This is a cool idea and should be easy to implement.  Think we can implement
it for 1.7?  (Sounds like something for the todo list...)

   -Marty

Fyodor wrote:
> 
> ~ :Hello,
> ~ : I am going to run snort on my firewall that is hooked up to a cable
> ~ :connection. I am trying to use the rule set you can create on the web page. But
> ~ :it needs the ip of the computer it is on. My ip changes due to the dhcp lease.
> ~ :Is there a way to have it listen to interface eth0 instead of the ip address of
> ~ :eth0?
> ~ :
> 
> What I think you mean is to set the IP address of eth0 to the $HOMENET variable
> instead of giving the address explicitly, right?
> 
> At the moment we don't support this feature, but there were a couple of
> scripts posted to the list a while ago, which allow you to run snort when
> your IP address changes dynamically.
> 
> However I was thinking here, we can retrieve the IP address and netmask of the
> interface, which you run snort on, during startup (I don't see if there's
> any way to detect interface IP address change during runtime), so what I
> think we can do is introduce some global variable
> (INTERFACE_ADDRESS?) which would be initialized to an IP address and
> netmask at startup time, so you could put something like:
> 
> var HOMENET $INTERFACE_ADDRESS
> 
> into your snort-lib file.. Any thoughts?
> 

-- 
Martin Roesch
roesch at ...48...
http://www.snort.org
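
The startup-time derivation discussed in the thread, as an added example that is not part of the original messages or of Snort itself: a wrapper script can turn the interface's address and netmask into a literal `var HOMENET` line before Snort starts. The function names are hypothetical, the sample address is constructed, and reading the address and netmask off the interface is left to the caller.

```shell
#!/bin/sh
# Added example (not from the thread): build a "var HOMENET" line from an
# interface's IPv4 address and netmask. Function names are hypothetical.

# valid_quad A.B.C.D: succeed only for four decimal octets in 0..255.
valid_quad() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac  # leading zero or too long
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# homenet_line ADDR MASK: print "var HOMENET <network>/<prefix>".
# Fails on malformed input or a netmask whose 1 bits are not contiguous.
homenet_line() {
    addr=$1 mask=$2
    valid_quad "$addr" && valid_quad "$mask" || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr $mask          # $1..$4 address octets, $5..$8 mask octets
    IFS=$old_ifs
    prefix=0 partial=0
    for m in "$5" "$6" "$7" "$8"; do
        if [ "$partial" -eq 1 ]; then   # after a non-255 octet only 0 is legal
            [ "$m" -eq 0 ] || return 1
            continue
        fi
        case $m in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0) bits=0 ;; *) return 1 ;;
        esac
        prefix=$(( prefix + bits ))
        [ "$m" -eq 255 ] || partial=1
    done
    echo "var HOMENET $(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))/$prefix"
}

# Constructed sample values (documentation address range).
homenet_line 203.0.113.200 255.255.255.192
```

Rejecting a malformed address or netmask here matters because a wrong `HOMENET` silently changes which traffic the rules treat as local.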


