[Snort-users] New Snort Configuration
blake at ...395...
Sun Sep 17 18:27:33 EDT 2000
Get nmap from www.insecure.org.
On Sun, 17 Sep 2000, Timothy L. Robertson wrote:
> Hello Everyone,
> I've just installed snort in what I suspect will be an increasingly common
> configuration and would like some advice from the list. I have a FreeBSD
> box with 2 NICs which acts as a router between a DSL modem (10.0.0.1) and my
> internal network (192.168.1.1/24). I connect using PPPoE (tun0) to my ISP,
> who dynamically assigns an IP address, and use FreeBSD's nat facility to
> translate addresses for the internal network. I run snort with the command:
> snort -Ds -A full -l /var/log/snort -c /usr/local/share/snort/snort-lib -i
> I've modified snort-lib so with
> var HOME_NET 192.168.1.1/24
> preprocessor portscan-ignorehosts: $DNS_SERVER1 $DNS_SERVER2 $DNS_SERVER3
> The first problem is that I'm not sure if it's working. If I run a portscan
> from this webpage:
> I have no alerts generated and no packets logged. What are some other ways
> to test the installation?
> Second, I'm sure my $HOME_NET is not correct. The interface tun0 should
> never see packets from the 192.168.1 net because of NAT. My IP address is
> dynamically assigned, however, so I can't just hardcode something in here.
> I don't think this is such a big deal, because doesn't this just make the
> arrows point the right ways? Anyway, is there a more correct way of doing
> Any comments or suggestions appreciated.
> timothyr at ...469...
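For the HOME_NET question in the quoted message (a dynamically assigned address on tun0), one approach is to read the interface's current address when snort is started and rewrite the `var HOME_NET` line from it. The script below is an added example, not part of the original thread or of the Snort distribution; the function names, the constructed sample `ifconfig` output and the choice of a /32 mask are assumptions.

```shell
#!/bin/sh
# Added example: derive HOME_NET from the address currently on a PPP interface.
# Sample data is constructed (RFC 5737 documentation addresses).

SAMPLE_IFCONFIG='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1492
        inet 203.0.113.45 --> 203.0.113.1 netmask 0xffffffff'

SAMPLE_RULES='var HOME_NET 192.168.1.1/24
preprocessor portscan-ignorehosts: $DNS_SERVER1 $DNS_SERVER2 $DNS_SERVER3'

# Print the first IPv4 address found in ifconfig-style text on stdin.
# Exit status is non-zero when the interface has no inet line (link down).
iface_addr() {
    awk '$1 == "inet" { print $2; found = 1; exit } END { exit !found }'
}

# Succeed only if $1 is a dotted quad with every octet in 0..255, so that
# nothing unexpected is substituted into the rules file.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Rewrite the HOME_NET line of a rules file (stdin) to the single host $1.
# All other lines, including the portscan-ignorehosts line, pass through.
set_home_net() {
    valid_ipv4 "$1" || return 1
    sed "s|^var HOME_NET .*|var HOME_NET $1/32|"
}

# Demonstration on the constructed samples. On the router the inputs would be
# the output of "ifconfig tun0" and the real rules file.
addr=$(printf '%s\n' "$SAMPLE_IFCONFIG" | iface_addr) || exit 1
printf '%s\n' "$SAMPLE_RULES" | set_home_net "$addr"
```

Because the address changes whenever the PPPoE session is re-established, the rewrite and a snort restart would need to run each time the link comes up.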