Hello,
I need help. I've been trying to set up Snort (an IDS = Intrusion
Detection System) correctly for several days... I've read many docs and
surfed, but got no useful information.
Perhaps there might be a SNORT expert among us (lilux)...??
So my questions:
How can I configure Snort to work on a DSL network (ppp0)?
I am using a "normal" Alcatel Speedtouch modem. I found lots of
information for eth0 but nothing for ppp0.
There is a file that I have to edit (snort.conf) and enter the correct
values. The default file is already made for eth0, so I have to modify
it.
Here is the initial part of the file (snort.conf), if you don't mind
taking a look:
----------------------------------------------------------------------------
# http://www.snort.org Snort 2.1.0 Ruleset
# Contact: snort-sigs(a)lists.sourceforge.net
#--------------------------------------------------
# $Id: snort.conf,v 1.133 2003/12/18 17:05:07 cazz Exp $
#
###################################################
# This file contains a sample snort configuration.
# You can take the following steps to create your own custom configuration:
#
# 1) Set the network variables for your network
# 2) Configure preprocessors
# 3) Configure output plugins
# 4) Customize your rule set
#
###################################################
# Step #1: Set the network variables:
#
# You must change the following variables to reflect your local network. The
# variable is currently setup for an RFC 1918 address space.
#
# You can specify it explicitly as:
#
# var HOME_NET 10.1.1.0/24
#
# or use global variable $<interfacename>_ADDRESS which will be always
# initialized to IP address and netmask of the network interface which you run
# snort at. Under Windows, this must be specified as
# $(<interfacename>_ADDRESS), such as:
# $(\Device\Packet_{12345678-90AB-CDEF-1234567890AB}_ADDRESS)
#
# var HOME_NET $eth0_ADDRESS
#
# You can specify lists of IP addresses for HOME_NET
# by separating the IPs with commas like this:
#
# var HOME_NET [10.1.1.0/24,192.168.1.0/24]
#
# MAKE SURE YOU DON'T PLACE ANY SPACES IN YOUR LIST!
#
# or you can specify the variable to be any IP address
# like this:
var HOME_NET any
# Set up the external network addresses as well. A good start may be "any"
var EXTERNAL_NET any
---------------------------------------------------------------------------------------------
Does somebody have an idea?
Many thanks in advance.
pedro
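
An added example, not part of the original post or of the Snort distribution: a shell helper that turns the address on a PPP interface into an explicit `var HOME_NET` line in the syntax the quoted snort.conf comments describe. The function name and the sample addresses are constructed for illustration, and it assumes the one-line output format of iproute2's `ip -o -4 addr show`.

```shell
#!/bin/sh
# Added example: build a HOME_NET line for snort.conf from interface addresses.
# Input is the one-line format printed by `ip -o -4 addr show dev <iface>`.

# home_net_from_ip_output (hypothetical helper): read `ip -o -4 addr` lines on
# stdin and print a "var HOME_NET ..." line. Point-to-point links are listed as
# "inet LOCAL peer REMOTE/32", so the local address carries no prefix length
# and is treated here as a /32 host.
home_net_from_ip_output() {
    awk '
        {
            for (i = 1; i < NF; i++) {
                if ($i == "inet") {
                    addr = $(i + 1)
                    if (addr !~ /\//) addr = addr "/32"
                    list = (list == "" ? addr : list "," addr)
                }
            }
        }
        END {
            if (list == "") exit 1   # no IPv4 address found (link down?)
            # Snort list syntax: brackets, commas, no spaces.
            if (list ~ /,/) list = "[" list "]"
            print "var HOME_NET " list
        }
    '
}

# Constructed sample lines (documentation addresses), not captured output.
SAMPLE_PPP='5: ppp0    inet 203.0.113.5 peer 203.0.113.1/32 scope global ppp0'
SAMPLE_ETH='2: eth0    inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0'

# Demo on the constructed PPP line.
printf '%s\n' "$SAMPLE_PPP" | home_net_from_ip_output

# Live use (assumes iproute2 is installed and ppp0 is up):
#   ip -o -4 addr show dev ppp0 | home_net_from_ip_output
```

The generated line would replace `var HOME_NET any` in the file above. The file's comments also describe the `$<interfacename>_ADDRESS` form, which for this link would be `$ppp0_ADDRESS`.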