Configuring the IDDS is a relatively painless task. Leaving all the
configuration options set to their default settings will allow the
IDDS to scan the local internal network(s) that the IDDS is located
on. To limit the IDDS to monitoring specific subnets on the internal
network, specify them separately by selecting the Specify
Network(s) option and then entering the network(s). Each option and
how to use it is described below.
- Device To Monitor
- To be effective, the IDDS needs to be told which
interface it should monitor for malicious activity. If your machine
has only one interface, select it from the drop down. If your machine
has multiple interfaces, select the "external" one.
If you are unsure, select eth0.
- Internal Network(s)
- This is a listing of networks which are deemed
"local" to the IDDS subsystem. These networks will
be used when matching "destination addresses" in
the attack patterns.
You may enter one network of the form 1.2.3.4/5 where
'1.2.3.4' is a network address and '5'
is the netmask in CIDR notation. For a definition of CIDR see the
end of this section.
To add multiple addresses, specify one per line.
- DNS Server(s)
- This is a listing of the IP addresses of machines
you use as DNS servers. This will help limit the number of false positives
on DNS-related attacks.
Multiple entries are handled as above, one per line.
- Web Server(s)
- This is a listing of the IP addresses of machines
you use as web servers. This will help limit the number of false positives
on WWW-related attacks.
Multiple entries are handled as above, one per line.
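The following is an added example, not part of the IDDS or its documentation: a Python check of an Internal Network(s) value (one CIDR entry per line) before it is entered, showing which destination addresses each entry would treat as "local". It assumes standard CIDR semantics; how the IDDS itself handles an entry whose address has host bits set is not stated here, and the function names and sample entries are constructed for illustration.

```python
import ipaddress

def parse_internal_networks(field_text):
    """Parse an 'Internal Network(s)' value: one IPv4 CIDR entry per line.

    Returns (networks, problems); each problem is (line_number, entry, reason).
    """
    networks, problems = [], []
    for lineno, raw in enumerate(field_text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue  # blank lines carry no entry
        addr, sep, prefix = entry.partition("/")
        if not sep or not prefix.isdigit():
            problems.append((lineno, entry, "expected address/prefix-length"))
            continue
        try:
            # strict=False masks off host bits instead of rejecting the entry
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError as exc:
            problems.append((lineno, entry, str(exc)))
            continue
        if ipaddress.IPv4Address(addr) != net.network_address:
            # Usable, but the range covered may be far wider than intended
            problems.append((lineno, entry, f"host bits set; covers {net}"))
        networks.append(net)
    return networks, problems

def is_local(dest_ip, networks):
    """True if dest_ip falls inside any configured internal network."""
    addr = ipaddress.IPv4Address(dest_ip)
    return any(addr in net for net in networks)

# Constructed sample input, one entry per line as the field expects
SAMPLE_FIELD = """\
192.168.1.0/24
10.0.0.0/8
1.2.3.4/5
172.16.0.0/33
192.168.2.0
"""

if __name__ == "__main__":
    nets, issues = parse_internal_networks(SAMPLE_FIELD)
    for net in nets:
        print(f"local: {net}  ({net[0]} - {net[-1]})")
    for lineno, entry, reason in issues:
        print(f"line {lineno}: {entry!r}: {reason}")
    print("8.8.8.8 local?", is_local("8.8.8.8", nets))
```

Under these semantics an entry such as 1.2.3.4/5 denotes 0.0.0.0 through 7.255.255.255, so a host address paired with a short prefix marks a very large range as internal.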
docs@guardiandigital.com
2003-08-01