[Snort-users] Snort with DHCP

Erek Adams erek at ...950...
Fri May 2 11:00:57 EDT 2003


On Fri, 2 May 2003, Sadanapalli, Pradeep Kumar (MED, TCS) wrote:

[...snip...]

> I am running snort-1.9.1 on RedHat 8.0 . I am running snort on my
> workstation as a personal
> intrusion desktop system. I only bother about the traffic through my
> system.

Upgrade to 2.0.  There's a couple of nasty bugs in 1.9.x including a
remote root possibility.

> So in my "snort.conf" file, I edited the below line
> "var HOME_NET 10.1.2.30/24" to
> "var HOME_NET my-IP-address"
>
> It works fine. But now I am not using a static IP. I am using DHCP for
> this, so the IP keeps changing always.
> So how should I modify the snort.conf file , that always sets to the IP
> address of my system.
>
> I mean , instead of mentioning my IPADRESS in "var HOME_NET IPADDRESS" ,
> is there any other to configure it,(say a variable or so) that sets the
> HOME_NET to my IP Address whatever it is?


If your listening interface is eth0 then define it like:

	var HOME_NET $eth0_ADDRESS

Right there in the snort.conf....

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list