[Snort-users] Configuration issue, Part II

Erek Adams erek at ...577...
Mon Sep 24 06:32:04 EDT 2001


On Mon, 24 Sep 2001, DJDave Sobel wrote:

[...snip...]

> How do you specify which interface to use?

Chris has already gotcha fixed up on this.... :)

> And of more importance to me, how do you specify binding to multiple
> interfaces?  I'd like it to be watching traffic to all the internal
> networks, not just one... (that way, I can see what ipchains missed..)

Well...  Yes.  :-/  If you want to see _every_ tiny packet, you will need to
drop off the firewall rules.  Then snort could see any traffic flowing at the
box.

Suggestion:  Have a look at hogwash.  It's not a firewall, it's a packet
scrubber.  You can take packets and massage them a bit, drop them, reset,
almost anything you want....  http://snort.sourcefire.com/downloads.html#4.12

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list