configuring snort

Kernels & Hardware, configuring network, installing services

configuring snort

Postby viniosity » 2004-09-26 03:40

I'm installing snort on a debian/sarge system and after it installed it asked me to "Please enter the address range that Snort will listen to"

It defaults to 192.168.0.0/16.. this is a form (I guess called CIDR) that I've never seen before.. Can anyone help me with the answer.. my network is a 192.168.1.1- 192.168.1.255 range and I'm not interested in detecting intrusion from within the network.

TIA.
User avatar
viniosity
 
Posts: 46
Joined: 2004-09-15 04:39
Location: DC

Postby lacek » 2004-09-27 09:30

You can specify your IP when setting up snort using this form:
your_ip_address/32
You need to edit /etc/snort/snort.conf anyway, to set up the network segment which doesn't generate alerts, for example.
Set the HOME_NET variable to 192.168.1.0/24 to rule out your internam net.

FYI, this kind of form of giving the network address is used to specify the networks the following way:
The first part is the IP address. The second (after the '/') is the netmask. The number in the second field equals the ones in the netmask from left to right, when the mask is represented as a binary number.
lacek
Moderator Team Member
 
Posts: 769
Joined: 2004-03-11 18:49
Location: Budapest, Hungary


Return to System configuration

Who is online

Users browsing this forum: No registered users and 16 guests

fashionable