[Snort-users] stealth interface

Wilhelm, Brent bwilhelm at ...8875...
Mon Apr 14 09:12:04 EDT 2003


This is what we do, seems to work just fine.

Thank You For Your Time,
 
Brent Wilhelm
Network Technology Services
St. Mary's University


-----Original Message-----
From: Keg [mailto:snrtlst at ...2792...] 
Sent: Thursday, April 10, 2003 3:34 PM
To: d_greenjr
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] stealth interface


It should work accirding to Snort FAQ.

d_greenjr wrote:

>I was told the following but have not tried it:
>" On NT you just disable all bindings for a network card. I haven´t 
>tried this with snort but it works just fine with other IDS´s."
>
>Let me know if it works.
>
>----- Original Message -----
>From: "Tom Culpepper" <tculpepp at ...8819...>
>To: <snort-users at lists.sourceforge.net>
>Sent: Tuesday, April 08, 2003 8:05 PM
>Subject: Re: [Snort-users] stealth interface
>
>
>  
>
>>Is something like this possible on a windows system?
>>
>>
>>Eric Baur wrote:
>>
>>    
>>
>>>    Some of the other replies seem like too much work... and are 
>>>harder to maintain (or someone else to figure out if they need to 
>>>figure out what you did).
>>>    You should be able to change the ifcfg-eth1 file (or whatever 
>>>number you want to be ip-less) to be:
>>>
>>>DEVICE=eth1
>>>ONBOOT=yes
>>>BOOTPROTO=none
>>>
>>>    That seems to be working in my installation (also RH8.0) without 
>>>any issues.  (Now, my next mystery is seeing if I can find a way to 
>>>refer to the devices as "lan", "wan" and "dmz" instead of "eth1", 
>>>"eth2" and "eth3".)
>>>
>>>Eric
>>>
>>>d_greenjr wrote:
>>>
>>>      
>>>
>>>>    Can someone tell me or give me the URL on how to create an
>>>>    interface with no ipaddr (stealth), on a linux [RH8] system? (Not
>>>>    the receive only cable-I saw that in the snort FAQs)  I have
>>>>    searched the Internet and the snort archives but have not found a
>>>>    message/page that describes what to do-only the end results.
>>>>        
>>>>
>Thanks
>  
>
>>
>>
>>-------------------------------------------------------
>>This SF.net email is sponsored by: ValueWeb:
>>Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other 
>>company gives more support or power for your dedicated server 
>>http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
>>_______________________________________________
>>Snort-users mailing list
>>Snort-users at lists.sourceforge.net
>>Go to this URL to change user options or unsubscribe: 
>>https://lists.sourceforge.net/lists/listinfo/snort-users
>>Snort-users list archive: 
>>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>
>>    
>>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: ValueWeb:
>Dedicated Hosting for just $79/mo with 500 GB of bandwidth! 
>No other company gives more support or power for your dedicated server
>http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users
>  
>

-- 
Your favorite stores, helpful shopping tools and great gift ideas. 
Experience the convenience of buying online with Shop at ...2793...! 
http://shopnow.netscape.com/




-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com _______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list