[Snort-users] Secure - NSLOOKUP

Martin Roesch roesch at ...421...
Fri Jan 26 22:33:35 EST 2001


Have swatch do an nslookup on the IP addresses when it sees an alert.... 

I know this sucks, but I'm *really* against adding name lookups into
Snort.

   -Marty

"A.L.Lambert" wrote:
> 
> > Joey,
> >
> > You could ofcourse give everyone a static IP adres. This gives some
> > extra security because strange nics don's come on your network, and
> > when you check your logs you can be rather sure that all the IP's
> > still belong to the same users.
> 
>         Or the same idea with a different twist; if you're using dhcpd
> under a *NIX of some flavor, you can strip the info from your dhcpd.leases
> file and generate a a static IP table in your dhcpd.conf file based on
> what everyone's MAC address/current IP is.  Then leave a range of an
> appropriate number of dynamicly assigned IP's if you've got people who
> need to have truly dynamic IP's (laptop users and whatnot).  That would
> give you the benefit of DHCP (centrally controlable network configurations
> for all your users), and also give you get the benefit of everyone having
> static IP's.  If you're using NT's dhcp server, I dunno how you would go
> about this, but I would expect it could be done there as well.  Cheers!
> 
>         --A.L.Lambert
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users

--
Martin Roesch
roesch at ...421...
http://www.snort.org




More information about the Snort-users mailing list