dhcp assigned address and no ip on snort interface

["Madhav Diwan" <mdiwan () wagweb com>]

HI .. I have a quandry.

My firewall gets a dhcp assigned ip address from a cable modem. 

This is a CISCO PIX so it cant really be scripted to send the snort
sensor any info .. like its assigned address.

I have a snort sensor listening on an interface without an ip address to
the cable modems "hub"

I do not want to log all attacks or intrusions for everyone on the cable
services trunk.

how should i "PERIODICALLY" check the dhcp assigned ip of the PIX and
send that to the snort.conf .. (is it easier to send this address to a
commandline?) .... so that i know what network to log against.

I'm playing with sending a number of pings out the from the cisco and
then packet capturing the echo requests and echo replies and greping out
the ip of the cisco on the internet side.. but i cant trust that this
will always work.

Thanks for the help in advance

Madhav





Note: The information contained in this message may be privileged and confidential and protected from disclosure.  If 
the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this 
communication is strictly prohibited. If you have received this communication in error, please notify us immediately by 
replying to the message and deleting it from your computer.  Thank you.  Wagner Weber & Williams

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users