[Snort-users] Snort DUAL nics

shawn . moyer shawn at ...1184...
Thu Apr 5 01:55:46 EDT 2001


Ryan Russell wrote:

> I'm familiar with the read-only cables, but I was really more curious
> about whether that setup was safe or not.. not because I would
> neccessarily do it that way, but because other people probably do.
> 
> I also don't think the read-only cable will help, as any replies would be
> going out the interface that does have an IP address.

You can always tune the necessary kernel parameters to drop
broadcasts... In FBSD, I believe this would be 

sysctl -w net.inet.icmp.bmcastecho=0

and

sysctl -w net.inet.icmp.maskrepl=0


Of course at this point this is all getting a bit silly.



--shawn

-- 

s h a w n   m o y e r
shawn at ...1184...

"Nuclear war would really set back cable."
                             -- Ted Turner




More information about the Snort-users mailing list