[Snort-users] (no subject)

Saad Kadhi bsdguy at ...4401...
Tue Jan 15 08:36:04 EST 2002


On Tue, 2002-01-15 at 16:29, charley pfaff wrote:
> I am plannning on putting a snort IDS before and after my firewall. The 
> question is do I have to give the IDS outside one of our external IP's or 
> can I throw a dummy ip on it just to monitor traffic. Oh yeah just incase 
> you need to know it will be running rh7.1 hardened with NSA linux.
you don't need an IP at all. Just put your listening interface in
so-called promiscuous mode by "up"-ing that if: ifconfig ext_if up or
ifconfig ext_if 0.0.0.0 up. If you need to administer the snort boxen
from remote, put a second nic & hook it to a dedicated admin network for
example. 

OT: sow how is NSA linux ? 

-- 
/Saad --  [bsdguy at ...4401...] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well





More information about the Snort-users mailing list