[Snort-users] Bothersome portscans and some conjecture
Gene R. Gomez
ggomez at ...677...
Mon Nov 20 16:27:08 EST 2000
-----BEGIN PGP SIGNED MESSAGE-----
You're correct that an interface with no IP would not be sending ARP
requests...there would be no need, unless for some reason ARP support
Anyway, I need to have an IP on this interface...the IP is used to
download newer versions of vision.rules as they are released.
Actually, along this thread, I COULD create a script that would bind
an IP to the interface when I need to download this file, then remove
it immediately after...
- -----Original Message-----
From: Todd Ransom [mailto:TRansom at ...197...]
Sent: Monday, November 20, 2000 11:58 AM
To: 'emf at ...367...'; Gene R. Gomez
Cc: 'snort-users at lists.sourceforge.net'
Subject: RE: [Snort-users] Bothersome portscans and some conjecture
On OpenBSD you bring up an interface with no ip address that will not
ifconfig ep0 0.0.0.0 netmask 255.255.255.255 -arp
Don't know about other platforms. But I can't figure out why an
with no ip would be ARPing in the first place. I haven't actually
this, but if ARP is used to resolve an ip address to a MAC address
sending an IP datagram, why would a system with no ip be ARPing? I
interested to hear about scenarios where it would.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0
-----END PGP SIGNATURE-----
More information about the Snort-users