Hello everybody
I have problems with snort.
What happens is the following, I guess:
When I'm away, I keep my Linux box on. The problem seems to be that my ISP gives me a dynamic IP address.
I suppose that the change of IP address makes snort crash. Or the other possibility is simply that my box is compromised.
What do you think?
What can I do to make snort survive IP address changes, if that is the reason it crashes? And how can I know the reason without any doubt?
Thank you very much
/*----------------*/
I just checked the logs and here is what I found:
Sep 7 16:43:03 localhost snort: pcap_loop: recvfrom: Network is down
Sep 7 16:43:03 localhost snort: Snort exiting
and
Sep 7 16:43:36 localhost pppd[3206]: Using interface ppp0
Sep 7 16:43:36 localhost pppd[3206]: Connect: ppp0 <--> 8.35
Sep 7 16:43:40 localhost pppd[3206]: Couldn't set pass-filter in kernel: Invalid argument
Sep 7 16:43:40 localhost pppd[3206]: local IP address ###.###.###.### /* I masked the address, but it appears in clear in the log */
Sep 7 16:43:40 localhost pppd[3206]: remote IP address 212.129.9.84
Sep 7 16:43:40 localhost pppd[3206]: primary DNS address 213.36.80.1
Sep 7 16:43:40 localhost pppd[3206]: secondary DNS address 213.36.80.1
############################################################
So, it seems that the change of IP address really makes snort crash! How to resolve this problem?
Thanks
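
One way to check the correlation described in the post across a whole syslog file, as an added example that is not part of the original post: for each "Snort exiting" line it reports whether a pcap_loop error came just before it and whether pppd brought a link up nearby. The function names, the verdict labels, the 5-second and 120-second windows and the assumed year are all choices made for this example.

```python
import re
from datetime import datetime, timedelta

# Log lines copied from the post above (the local address stays masked).
SAMPLE_LOG = """\
Sep 7 16:43:03 localhost snort: pcap_loop: recvfrom: Network is down
Sep 7 16:43:03 localhost snort: Snort exiting
Sep 7 16:43:36 localhost pppd[3206]: Using interface ppp0
Sep 7 16:43:40 localhost pppd[3206]: local IP address ###.###.###.###
"""

# Layout: "<Mon> <day> <HH:MM:SS> <host> <program>[pid]: <message>"
LINE_RE = re.compile(
    r"^(\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+([\w./-]+)(?:\[\d+\])?:\s(.*)$")

def parse(log_text, year=2000):
    """Return (time, program, message) tuples. Syslog omits the year, so an
    assumed one is supplied; only time differences matter below."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((when, m.group(2), m.group(3)))
    return events

def classify_snort_exits(log_text, window=timedelta(seconds=120)):
    """Classify every 'Snort exiting' line by what surrounds it in the log."""
    events = parse(log_text)
    results = []
    for when, prog, msg in events:
        if prog != "snort" or "Snort exiting" not in msg:
            continue
        # A pcap_loop error logged at most 5 seconds before the exit.
        capture_error = any(
            p == "snort" and m.startswith("pcap_loop:")
            and timedelta(0) <= when - t <= timedelta(seconds=5)
            for t, p, m in events)
        # pppd bringing an interface up within the window around the exit.
        relink = any(
            p == "pppd" and m.startswith(("Using interface", "local IP address"))
            and abs(t - when) <= window
            for t, p, m in events)
        if capture_error and relink:
            verdict = "link-change"      # interface dropped, pppd redialled
        elif capture_error:
            verdict = "capture-error"    # interface problem, no redial seen
        else:
            verdict = "unexplained"      # nothing in the log accounts for it
        results.append((when.strftime("%m-%d %H:%M:%S"), verdict))
    return results
```

Exits that come back as "unexplained" are the ones worth a closer look, since nothing in the log ties them to the link going down.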