Obfuscating IP Addresses

Problem

You want to send someone else your Snort logs for analysis, but you don't want to give them too much information about your network.

Solution

Use the obfuscate command-line switch, -O.

snort -O -c /etc/snort.conf -l /var/log

 

Discussion

The obfuscation switch changes all IP addresses in the logs to read xxx.xxx.xxx.xxx. If you use this in combination with the -h (homenet) option, it only obfuscates the IPs within that range; all other IPs (i.e., those of the people attacking you) remain in the clear.
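One way to confirm, before sending the logs, that no address from your home range is still readable anywhere in the text. This is an added example, not code from the Snort Cookbook or the Snort project; the 192.168.1.0/24 range, the function name, and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Candidate dotted quads; each one is validated by ipaddress below.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")

# Constructed sample of ASCII log text (not real Snort output).
SAMPLE_LOG = [
    "[**] [1:1000001:1] Constructed sample alert [**]",
    "03/14-10:22:31.123456 203.0.113.7:4312 -> xxx.xxx.xxx.xxx:80",
    "TCP TTL:52 TOS:0x0 ID:4242 IpLen:20 DgmLen:120 DF",
    # Constructed line in which a home address survives in the text.
    "GET /index.html HTTP/1.1..Host: 192.168.1.10..",
]


def find_leaks(lines, home_net):
    """Return (line_number, address) for every address inside home_net."""
    net = ipaddress.ip_network(home_net, strict=False)
    leaks = []
    for lineno, line in enumerate(lines, start=1):
        for candidate in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # not a valid IPv4 address, e.g. 999.1.1.1
            if addr in net:
                leaks.append((lineno, candidate))
    return leaks


def safe_to_share(lines, home_net):
    """True only when no home-network address remains in the clear."""
    return not find_leaks(lines, home_net)


if __name__ == "__main__":
    for lineno, addr in find_leaks(SAMPLE_LOG, "192.168.1.0/24"):
        print(f"line {lineno}: home address {addr} is still in the clear")
```

To check a real file, pass its lines instead of `SAMPLE_LOG`, with the same range you gave to -h.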

See Also

Snort Users Manual


Snort Cookbook
ISBN: 0596007914
EAN: 2147483647
Year: 2006
Pages: 167