I'm installing snort on a debian/sarge system and after it installed it asked me to "Please enter the address range that Snort will listen to"
It defaults to 192.168.0.0/16.. this is a form (I guess called CIDR) that I've never seen before.. Can anyone help me with the answer.. my network is a 192.168.1.1- 192.168.1.255 range and I'm not interested in detecting intrusion from within the network.
TIA.
configuring snort
2 posts
• Page 1 of 1
configuring snort
by viniosity » 2004-09-26 03:40
-
viniosity - Posts: 46
- Joined: 2004-09-15 04:39
- Location: DC
by lacek » 2004-09-27 09:30
You can specify your IP when setting up snort using this form:
your_ip_address/32
You need to edit /etc/snort/snort.conf anyway, to set up the network segment which doesn't generate alerts, for example.
Set the HOME_NET variable to 192.168.1.0/24 to rule out your internam net.
FYI, this kind of form of giving the network address is used to specify the networks the following way:
The first part is the IP address. The second (after the '/') is the netmask. The number in the second field equals the ones in the netmask from left to right, when the mask is represented as a binary number.
your_ip_address/32
You need to edit /etc/snort/snort.conf anyway, to set up the network segment which doesn't generate alerts, for example.
Set the HOME_NET variable to 192.168.1.0/24 to rule out your internam net.
FYI, this kind of form of giving the network address is used to specify the networks the following way:
The first part is the IP address. The second (after the '/') is the netmask. The number in the second field equals the ones in the netmask from left to right, when the mask is represented as a binary number.
- lacek
- Moderator Team Member
- Posts: 769
- Joined: 2004-03-11 18:49
- Location: Budapest, Hungary
2 posts
• Page 1 of 1
Return to System configuration
Who is online
Users browsing this forum: No registered users and 16 guests