[Snort-users] stealth interface

Michael Steele michaels at ...155...
Tue Apr 8 22:09:03 EDT 2003


Tom,

Yes, I have documented it and would be happy to send it to you tomorrow. The
best thing to do if you want to do this is put two interfaces on the IDS.
Use one interface in promiscuous mode for Snort and the other interface can
be used for management.

 -Michael

 Michael Steele | System Engineer / Support Technician
 mailto:michaels at ...155...
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Tom Culpepper
Sent: Tuesday, April 08, 2003 5:06 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] stealth interface

Is something like this possible on a windows system?


Eric Baur wrote:

>  
>     Some of the other replies seem like too much work... and are 
> harder to maintain (or someone else to figure out if they need to 
> figure out what you did).
>     You should be able to change the ifcfg-eth1 file (or whatever 
> number you want to be ip-less) to be:
>  
> DEVICE=eth1
> ONBOOT=yes
> BOOTPROTO=none
>  
>     That seems to be working in my installation (also RH8.0) without 
> any issues.  (Now, my next mystery is seeing if I can find a way to 
> refer to the devices as "lan", "wan" and "dmz" instead of "eth1", 
> "eth2" and "eth3".)
>  
> Eric
>   
> d_greenjr wrote:
>
>>     Can someone tell me or give me the URL on how to create an
>>     interface with no ipaddr (stealth), on a linux [RH8] system? (Not
>>     the receive only cable-I saw that in the snort FAQs)  I have
>>     searched the Internet and the snort archives but have not found a
>>     message/page that describes what to do-only the end results.  Thanks
>




-------------------------------------------------------
This SF.net email is sponsored by: ValueWeb: 
Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
No other company gives more support or power for your dedicated server
http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users







More information about the Snort-users mailing list