[Snort-users] no_promisc option

counter.spy at ...348...
Mon Mar 25 05:20:12 EST 2002


Short question, easy to answer (I hope):

Can the -p option (disable promisc mode) be used in order to run snort as a
NNIDS?

(NNIDS == Network Node Intrusion Detection System, in my understanding a
host IDS that uses stack-based attack recognition instead of system logs or
application logfiles)

If so, is there a way to install Snort as NNIDS without having to install
libpcap (for *nix) or winpcap (for Windoze boxes)?

The reason for this question is, I am playing around with the idea of using
snort as NNIDS on ISA Server or Exchange Server, but I don't like to have a
promiscuous mode device on a productive server.

Thanks!

Greetings,
D.Liesen
