Confusion setting up snort on Ubuntu 10.04

Acer Aspire 7540-1317 notebook - athlon...
August 30, 2010 at 14:35:04
Specs: Windows 7 Professional, 32-bit, Debian 5.0 Lenny 32-bit, Ubuntu 10.04 LTS triple boot, 2.0 GHz, 3.00 GB RAM
I have installed snort on Ubuntu 10.04. I am confused as to what IP address I need to configure snort to use for my home network. I have a router at 192.168.1.254 and computers are connected to it using DHCP. I do not know which address to configure snort to use for the home network. I don't want to end up logging everything on the network. I do not know what IP to put for the home_net value in /etc/snort/snort.conf. The IP of my router? Can anyone point me in the right direction to set this up properly?
I am not a complete newbie with Linux. Just network software configurations.


#1
August 30, 2010 at 23:44:40
The HOME_NET is the network you want to protect.
EXTERNAL_NET is the untrusted network.

http://searchsecurity.techtarget.co...

Google is your friend (sometimes).

The original poster should always write the last response !!!
Let us know, if the problem is solved !!!



#2
August 31, 2010 at 09:52:12
I found a page here at techrepublic:
http://articles.techrepublic.com.co...
which gives me some information about configuration. It has a section about configuring an IP range for the home network. My private IP range is 192.168.1.64 through 192.168.1.237. I am thinking that this is the IP range I need to use for snort; however, I am still having an issue: it says please use the CIDR form, e.g. 192.168.0.1/64 etc. for a block of 256 addresses. I don't know what to put, e.g. do I need to put 192.168.1.64/237 or something else? This is still confusing me. Thanks for the link.


#3
August 31, 2010 at 11:00:45
You're missing some basic knowledge about IP addresses and subnets.
The easiest way for you is to use the default subnet mask for a class C network.
In your case that means you have to configure 192.168.1.0/24 for the HOME_NET.
The /24 is the subnet mask, which looks like this when completely written:
255.255.255.0

You should read this to get some basic knowledge of subnetting.
http://en.wikipedia.org/wiki/Subnet...

The original poster should always write the last response !!!
Let us know, if the problem is solved !!!
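
The CIDR arithmetic behind the answer above, as an added example that is not part of the original thread: it uses Python's standard `ipaddress` module on the addresses quoted in the posts (router 192.168.1.254, DHCP range 192.168.1.64 to 192.168.1.237). The function names are illustrative, and the emitted line uses the `var HOME_NET` form of Snort 2.x's snort.conf.

```python
import ipaddress


def cidrs_for_range(first, last):
    """CIDR blocks that cover exactly first..last (inclusive), nothing more."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def enclosing_network(addresses):
    """Smallest single network that contains every address given."""
    addrs = [int(ipaddress.IPv4Address(a)) for a in addresses]
    lo, hi = min(addrs), max(addrs)
    # Bits in which lo and hi differ are host bits; the rest is the prefix.
    prefix = 32 - (lo ^ hi).bit_length()
    return ipaddress.IPv4Network((lo, prefix), strict=False)


def home_net_line(networks):
    """Format a snort.conf HOME_NET variable (bracketed list if several)."""
    nets = [str(n) for n in networks]
    value = nets[0] if len(nets) == 1 else "[" + ",".join(nets) + "]"
    return "var HOME_NET " + value


if __name__ == "__main__":
    # Values taken from the thread.
    router = "192.168.1.254"
    dhcp_first, dhcp_last = "192.168.1.64", "192.168.1.237"

    # Exact cover of the DHCP pool: correct, but six blocks and no router.
    exact = cidrs_for_range(dhcp_first, dhcp_last)
    print(home_net_line(exact))

    # One network holding the pool and the router: the /24 from reply #3.
    lan = enclosing_network([router, dhcp_first, dhcp_last])
    print(home_net_line([lan]))
    print("netmask:", lan.netmask, "addresses:", lan.num_addresses)
```

The number after the slash is a prefix length from 0 to 32, not the last host address, so `192.168.1.64/237` is not valid CIDR notation.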



#4
September 1, 2010 at 08:09:24
Thank you for your help. I set home_net to be 192.168.1.0/24 and it seems that snort is up and running. I will read about subnetting as well.



#5
September 1, 2010 at 09:09:53
That's great news.
Thanks for the reply.

The original poster should always write the last response !!!
Let us know, if the problem is solved !!!

