[Snort-users] [Newbie] Promiscuous Mode

Joshua Wright Joshua.Wright at ...2031...
Thu Nov 1 06:07:05 EST 2001


If someone compromised your snort machine, they would be able to see all the
same traffic that Snort sees (of course).  This would be a very "Bad Thing"
(tm, Erek Adams, 2001).

It is _critical_ to properly secure your Snort machine - see the FAQ for
information on setting up a stealth interface, or an interface with no IP
address.  A wealth of helpful resources are available in the SANS GIAC
practicals at http://www.sans.org/giactc.htm.

-Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wright at ...2031... 

pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73

-----Original Message-----
From: Tom Beer [mailto:mailings at ...3969...]
Sent: Thursday, November 01, 2001 8:24 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] [Newbie] Promiscuous Mode


if I run snort on an external interface attached to 
bad world out there :-) isn't this interface
set into promisuous mode, so that an
bad guy may read all the data passing
on that interface?

Thanks Tom

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list