Advice for Selecting Windows XP Installation Network Configuration Parameters
Here is some advice on answering the network configuration parameters.
1. For home WinXP users on a typical cable, DSL, or modem connection.
Here is what to do if you are a single PC user attached directly, or via a wireless access point, to your Internet provider's cable, DSL, or modem.
1a. Enter the Network Mask of your Trusted Net
You may enter the IP address of your
system as your trusted network mask. Here is how to find your
system's current IP address:
Click the Windows desktop Start Menu, Control Panel, Network Connections. Find the local area connection that is "Connected". Double click the connected network icon. Click the Support Tab. Your IP address will be listed.
Use this IP address as your Trusted Network mask. You do not need to specify this as an IP mask.
1b. Enter the IP address of any SMTP servers on the network.
Assuming you are a home user and your mail server is provided by your Internet service provider (this is typical), you may leave this entry blank.
1c. Enter the IP address of any DNS servers on the network.
Assuming you are a home user whose DNS
services are provided by your Internet service provider (this is
typical), you may leave this entry blank.
1d. Select the Network Adapter to be used by Snort.
Click the Windows desktop Start Menu,
Control Panel, Network Connections. Find the local area
connection that is "Connected". Double click the connected network
icon. Match the name of this "Connected" adapter to the network
adapter in the scroll list prompt.
Typically, your Home PC should generate very few "Lines Parsed", or dialog alarms. You may leave BotHunter running for several hours, to determine if your system is infected with malware. If so, BotHunter will produce an infection profile. BotHunter may be run on your system periodically to retest whether your machine is infected.
2. For WinXP users on a corporate network or home LAN with multiple PCs.
2a. Enter the Network Mask of your Trusted Net
Please confer with your network
administrator. The Trusted Network configuration variable must
contain a (comma separated) local network mask list, plus the IP
addresses of all external NetBIOS shares with which your internal
machines are allowed to communicate.
2b. Enter the IP address of any SMTP servers on the network.
Your email program should have an
option or configuration menu item that allows you to set your mail
server name (e.g., mxN.isp-vendor.com). From the black command shell,
type 'nslookup mxN.isp-vendor.com'. The IP address of your mail server
should be provided.
2c. Enter the IP address of any DNS servers on the network.
If you are a Windows XP user, click
Start, Run, and type 'cmd.exe' at the open prompt. A black
command shell should start and display something like
'C:\path>'. Type 'ipconfig /all'. Your DNS servers
should be listed under your active Ethernet device.
2d. Select the Network Adapter to be used by Snort.
Click the Windows desktop Start Menu,
Control Panel, Network Connections. Find the local area
connection that is "Connected". Double click the connected network
icon. Match the name of this "Connected" adapter to the network
adapter in the scroll list prompt.
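The lookups in 2a, 2c and 2d can be read from a single 'ipconfig /all' listing. The following is an added example, not part of BotHunter or of the original page: it parses a constructed sample of that output, skips disconnected adapters, and reports the connected adapter, its local network and its DNS servers. The function names and the CIDR form of the network are assumptions (confirm the mask format with your network administrator), and it covers only the local network part of 2a, not the external NetBIOS share addresses.

```python
import ipaddress
import re

# Constructed sample of Windows XP `ipconfig /all` output (not from the page).
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : HOMEPC

Ethernet adapter Wireless Network Connection:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Example Wireless Adapter

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example Fast Ethernet Adapter
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            192.0.2.53
"""

HEADER = re.compile(r"^\S+ adapter (.+):$")         # "Ethernet adapter <name>:"
FIELD = re.compile(r"^\s+(.+?)[ .]*\. : ?(.*)$")    # "Key . . . . : value"

def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace():          # banner or adapter header
            head = HEADER.match(line)
            current = adapters.setdefault(head.group(1), {}) if head else None
            last = None
        elif current is not None and (m := FIELD.match(line)):
            last = current.setdefault(m.group(1), [])
            last.append(m.group(2).strip())
        elif current is not None and last is not None and line.strip():
            last.append(line.strip())               # continuation: extra DNS server
    return adapters

def connected_settings(text):
    """Answers for 2a, 2c and 2d from every adapter that holds an IP address."""
    results = []
    for name, f in parse_ipconfig(text).items():
        if "Media State" in f or "IP Address" not in f or "Subnet Mask" not in f:
            continue                                # disconnected: do not select
        net = ipaddress.ip_interface(f"{f['IP Address'][0]}/{f['Subnet Mask'][0]}")
        results.append({"adapter": name,
                        "description": f.get("Description", [""])[0],
                        "trusted_net": str(net.network),  # CIDR form is an assumption
                        "dns_servers": [d for d in f.get("DNS Servers", []) if d]})
    return results
```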
3. For WinXP network administrators performing network monitoring via a SPAN port or other network tap.
See 2a for how to set your Trusted
Network Mask. You should know how to set the rest of the
parameters (or see 2b-d for details).
SRI International http://www.bothunter.net
