A Tool for Running Snort in Dynamic IP Address Assignment Environment

A Tool for Running Snort in Dynamic IP Address Assignment Environment (PDF, 1.69MB)
Published: 16 Feb, 2002
Created by: Shin Ishikawa

The purpose of this paper is to detail the creation of a small tool that aids the operation of the Snort IDS in an environment with dynamically assigned IP addresses. The Snort configuration file (snort.conf) specifies IP addresses for the monitored network and servers. At subscriber sites without a permanent IP address, which is the case for most ADSL users, these parameters need to be updated every time the data link connection is reset and a new address is assigned. A set of small programs was written to automate the Snort configuration update for connections using PPP-E. A program monitors the IPCP traffic and dumps the PPP-E frames that carry IPCP negotiations. A script interprets the IPCP negotiation and checks whether new IP addresses have been agreed upon. If they have, the snort.conf file is updated with the new IP addresses for the HOME_NET and DNS_SERVERS variables, and a signal is sent to the running Snort process so that it restarts and reflects the change. This paper examines the program from the point of view of secure code writing and also discusses the meaning of running the Snort IDS in a home-user environment in the age of 'always connected to the Net'.
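The interpret-and-update step described above, as an added Python sketch that is not the paper's tool: it bounds-checks a captured PPPoE (the paper's PPP-E) frame, accepts only an IPCP Configure-Ack addressed to the local MAC, and rewrites the two variables. The function names, the `var NAME value` line format, the `/32` and bracketed-list formatting, and the sample frame are assumptions; frame capture and signalling Snort are left out.

```python
import ipaddress
import re
import struct

OPTS = {3: "ip", 129: "dns1", 131: "dns2"}  # IPCP option types (RFC 1332, RFC 1877)


def parse_ipcp_ack(frame, local_mac):
    """Options from an IPCP Configure-Ack sent to local_mac, else None."""
    if len(frame) < 26 or frame[:6] != local_mac:
        return None  # short frame, or an Ack we sent (that one carries the peer's address)
    etype, vt, code, _sid, plen, proto = struct.unpack("!HBBHHH", frame[12:22])
    # 0x8864 = PPPoE session, 0x11 = ver 1/type 1, code 0 = session data, 0x8021 = IPCP
    if (etype, vt, code, proto) != (0x8864, 0x11, 0, 0x8021):
        return None
    ipcp_code, _ident, ilen = struct.unpack("!BBH", frame[22:26])
    # Code 2 = Configure-Ack; its length must fit the PPPoE payload and the capture.
    if ipcp_code != 2 or ilen < 4 or ilen + 2 > plen or 22 + ilen > len(frame):
        return None
    opts, found = frame[26:22 + ilen], {}
    while opts:
        if len(opts) < 2 or not 2 <= opts[1] <= len(opts):
            return None  # truncated or inconsistent option length: reject the frame
        if opts[0] in OPTS:
            if opts[1] != 6:
                return None
            found[OPTS[opts[0]]] = str(ipaddress.IPv4Address(opts[2:6]))
        opts = opts[opts[1]:]
    return found if found.get("ip", "0.0.0.0") != "0.0.0.0" else None


def update_conf(conf, neg):
    """Rewrite only the HOME_NET and DNS_SERVERS 'var' lines of snort.conf text."""
    new = {"HOME_NET": neg["ip"] + "/32"}
    dns = [neg[k] + "/32" for k in ("dns1", "dns2") if k in neg]
    if dns:
        new["DNS_SERVERS"] = "[" + ",".join(dns) + "]"
    pattern = rf"(?m)^([ \t]*var[ \t]+({'|'.join(new)})[ \t]+).*$"
    return re.sub(pattern, lambda m: m.group(1) + new[m.group(2)], conf)


# Constructed sample: Configure-Ack from the access concentrator to our MAC.
LOCAL_MAC = bytes.fromhex("020000000001")
SAMPLE = (LOCAL_MAC + bytes.fromhex("020000000002" "8864" "1100" "0001" "0018" "8021"
          "0201" "0016" "0306cb007107" "8106c0000235" "8306c0000236"))

if __name__ == "__main__":
    conf = "var HOME_NET any\nvar DNS_SERVERS $HOME_NET\n"
    print(update_conf(conf, parse_ipcp_ack(SAMPLE, LOCAL_MAC)))
```

Because every value written to the configuration passes through `ipaddress.IPv4Address`, bytes taken from the wire can only ever appear in snort.conf as a dotted-quad address.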