[Snort-users] I think I know the answer to this, but not 100% sure

Scot Scot scotw at ...125...
Wed Jun 26 16:12:02 EDT 2002


Correct me if I'm wrong,

Will not the below configuration knock your traffic down to Half-Duplex if 
you use a Hub instead of a tap-switch?

?????


>From: Mike_Sands at ...5033...
>To: Eric Garnel <egarnel3470 at ...131...>
>CC: snort 
><snort-users at lists.sourceforge.net>,snort-users-admin at lists.sourceforge.net
>Subject: Re: [Snort-users] I think I know the answer to this, but not 100% 
>sure
>Date: Wed, 26 Jun 2002 15:49:43 -0400
>MIME-Version: 1.0
>Received: from hotmail.com ([65.54.237.38]) by hotmail.com with Microsoft 
>SMTPSVC(5.0.2195.4905); Wed, 26 Jun 2002 15:59:00 -0700
>Received: from usw-sf-list2.sourceforge.net ([216.136.171.252]) by 
>hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 26 Jun 2002 
>15:49:27 -0700
>Received: from usw-sf-list1-b.sourceforge.net ([10.3.1.13] 
>helo=usw-sf-list1.sourceforge.net)by usw-sf-list2.sourceforge.net with 
>esmtp (Exim 3.31-VA-mm2 #1 (Debian))id 17NIpg-0004wv-00; Wed, 26 Jun 2002 
>12:52:04 -0700
>Received: from ekfwall.elementk.com ([63.162.15.250] helo=ekfwall1)by 
>usw-sf-list1.sourceforge.net with smtp (Exim 3.31-VA-mm2 #1 (Debian))id 
>17NIp9-0006hU-00; Wed, 26 Jun 2002 12:51:32 -0700
>Received: from no.name.available by ekfwall1          via smtpd (for 
>usw-sf-lists.sourceforge.net [216.136.171.198]) with SMTP; 26 Jun 2002 
>19:50:34 UT
>X-Mailer: Lotus Notes Release 5.0.8  June 18, 2001
>Message-ID: <OF501F557A.BDB65CC3-ON85256BE4.006CD16C at ...5033...>
>X-MIMETrack: Serialize by Router on CANADICE/Element K(Release 5.0.10 
>|March 22, 2002) at 06/26/2002 03:49:59 PM
>Sender: snort-users-admin at lists.sourceforge.net
>Errors-To: snort-users-admin at lists.sourceforge.net
>X-BeenThere: snort-users at lists.sourceforge.net
>X-Mailman-Version: 2.0.9-sf.net
>Precedence: bulk
>List-Help: <mailto:snort-users-request at lists.sourceforge.net?subject=help>
>List-Post: <mailto:snort-users at lists.sourceforge.net>
>List-Subscribe: 
><https://lists.sourceforge.net/lists/listinfo/snort-users>,<mailto:snort-users-request at lists.sourceforge.net?subject=subscribe>
>List-Id: Snort users talk about... Snort! 
><snort-users.lists.sourceforge.net>
>List-Unsubscribe: 
><https://lists.sourceforge.net/lists/listinfo/snort-users>,<mailto:snort-users-request at lists.sourceforge.net?subject=unsubscribe>
>List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users>
>X-Original-Date: Wed, 26 Jun 2002 15:49:43 -0400
>Return-Path: snort-users-admin at lists.sourceforge.net
>X-OriginalArrivalTime: 26 Jun 2002 22:49:29.0873 (UTC) 
>FILETIME=[BB281810:01C21D63]
>
>
>easy question easy answer. Nope you don't need and ip on the nic. In fact
>it is better not to.
>
>Mike Sands
>Security / Network Engineer
>
>
>
>|---------+--------------------------------------->
>|         |           Eric Garnel                 |
>|         |           <egarnel3470 at ...131...>     |
>|         |           Sent by:                    |
>|         |           snort-users-admin at ...4626...|
>|         |           ceforge.net                 |
>|         |                                       |
>|         |                                       |
>|         |           06/26/2002 10:56 AM         |
>|         |                                       |
>|---------+--------------------------------------->
>   
> >------------------------------------------------------------------------------------------------------------------------------|
>   |                                                                        
>                                                       |
>   |       To:       snort <snort-users at lists.sourceforge.net>              
>                                                       |
>   |       cc:                                                              
>                                                       |
>   |       Fax to:                                                          
>                                                       |
>   |       Subject:  [Snort-users] I think I know the answer to this, but 
>not 100% sure                                           |
>   
> >------------------------------------------------------------------------------------------------------------------------------|
>
>
>
>
>Here is my scenario:
>cable modem --- pix -- internal network
>
>Here is what I want to do:
>
>                         PIX----internal network
>                         /
>cable modem ----------hub
>                         \
>                         Snort (linux box)
>                         front nic in promiscuous mode
>                               back nic on dmz or internal
>
>This may seem like a really stupid question, but do I need to assign
>an ip to the front nic of the snort box if it will be running in
>promiscuous mode? I can;t believe that I am even asking it, hand me
>another twinkie
>
>__________________________________________________
>Do You Yahoo!?
>Yahoo! - Official partner of 2002 FIFA World Cup
>http://fifaworldcup.yahoo.com
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by: Jabber Inc.
>Don't miss the IM event of the season | Special offer for OSDN members!
>JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
>
>
>
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by: Jabber Inc.
>Don't miss the IM event of the season | Special offer for OSDN members!
>JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users


_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com





More information about the Snort-users mailing list