[Snort-users] New Snort Configuration

Vitaly McLain twistah at ...93...
Sun Sep 17 20:20:52 EDT 2000


Hi Tim,

$HOME_NET can't point to 192.168.1.0/24 if you want it to detect attacks
coming from the 'Net; needs to point to your IP on the 'Net.

The problem of dynamic IPs plagues us dial-up users as well. The solution is
simple: get address_config.sh from www.snort.org. Make sure to have one
ruleset with the HOME_NET of 10.1.1.0/24 (I think). The script will look for
it, replace it and put the ruleset with your /current/ IP into another file,
and run Snort with that. Bleh. That sounds confusing. Sorry, I am rushing
out of here. Just get the script, and if you can't get it to work, post on
the list again :)

Vitaly McLain
twistah at ...93...





More information about the Snort-users mailing list