[Snort-users] snort on stealth mode

jan at ...206... jan at ...206...
Thu May 31 08:43:52 EDT 2001


> I just started working on snort, wondering how to make snort
> box in stealth mode ?

Take two NICs. One is configured as usual, the other goes up,
but doesn't get an IP address assigned to it. When you put that
interface in promiscuous mode, it accepts every ethernet frame
that passes its way. Naturally, you'll need a hub for that or
place the thing on a monitoring port on your switch, if you have
such a thing. 

For moderate uplink speeds, placing a good hub between border
router and firewall shouldn't be too troublesome. Works fine for
me with a 2048 kbit/s Primärmultiplexanschluss (whatever that
may be in English ;o)). 

If you're hardcore, you may also crimp a read-only cat 5 cable. 

Cheers, Jan
-- 
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther at ...206...




More information about the Snort-users mailing list