[Snort-users] (no subject)
bsdguy at ...4401...
Tue Jan 15 08:36:04 EST 2002
On Tue, 2002-01-15 at 16:29, charley pfaff wrote:
> I am plannning on putting a snort IDS before and after my firewall. The
> question is do I have to give the IDS outside one of our external IP's or
> can I throw a dummy ip on it just to monitor traffic. Oh yeah just incase
> you need to know it will be running rh7.1 hardened with NSA linux.
you don't need an IP at all. Just put your listening interface in
so-called promiscuous mode by "up"-ing that if: ifconfig ext_if up or
ifconfig ext_if 0.0.0.0 up. If you need to administer the snort boxen
from remote, put a second nic & hook it to a dedicated admin network for
OT: sow how is NSA linux ?
/Saad -- [bsdguy at ...4401...]
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well
More information about the Snort-users