Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

configuring snort

Linux Kernel, Network, and Services configuration.
Post Reply
Message
Author
User avatar
viniosity
Posts: 46
Joined: 2004-09-15 04:39
Location: DC

configuring snort

#1 Post by viniosity »

I'm installing snort on a debian/sarge system and after it installed it asked me to "Please enter the address range that Snort will listen to"

It defaults to 192.168.0.0/16.. this is a form (I guess called CIDR) that I've never seen before.. Can anyone help me with the answer.. my network is a 192.168.1.1- 192.168.1.255 range and I'm not interested in detecting intrusion from within the network.

TIA.

lacek
Posts: 764
Joined: 2004-03-11 18:49
Location: Budapest, Hungary
Contact:

#2 Post by lacek »

You can specify your IP when setting up snort using this form:
your_ip_address/32
You need to edit /etc/snort/snort.conf anyway, to set up the network segment which doesn't generate alerts, for example.
Set the HOME_NET variable to 192.168.1.0/24 to rule out your internam net.

FYI, this kind of form of giving the network address is used to specify the networks the following way:
The first part is the IP address. The second (after the '/') is the netmask. The number in the second field equals the ones in the netmask from left to right, when the mask is represented as a binary number.

Post Reply