[Snort-users] Securing a Snort machine

Michael Anderson mca at ...1717...
Thu Apr 17 07:41:19 EDT 2003


You can configure an IPless interface by bringing the interface up 
without an ip.  You should also specify that you don't want to respond 
to arps with this interface.  I seem to recall that an IPless interface 
will still try and respond to arps.
So type: ifconfig eth? up -arp
Where eth? is your interface.  I'm not sure about Webmin.

-Mike

Elvira_Byrnes at ...8560... wrote:

> Thanks a lot for your suggestions. What is the proper way to configure 
> an IPless interface on the RedHat? Is it safe to run Webmin on that box?
>  
> Thanks a lot.
>  
> Regards
>  
> Elvira
>
>     -----Original Message-----
>     From: Semerjian, Ohanes [mailto:ohanes.semerjian at ...8907...]
>     Sent: Thursday, 17 April 2003 3:06 PM
>     To: 'Elvira_Byrnes at ...8560...';
>     snort-users at lists.sourceforge.net
>     Subject: RE: [Snort-users] Securing a Snort machine
>
>     Best way is to :
>      
>     1. use IPless interfaces (specially one on Internet ) except the
>     one that will use it to connect to the box ( which is best to be
>     located internally).
>     2. Use ssh to connect to the box via the internal interface on the
>     LAN.
>     3. Close all ports (via shutting down ports and stopping scripts
>     that are not need to be run on the box) except for ssh.
>     4. Scan the box to find out if you do have any ports open other
>     than ssh.
>      
>
>     Best Regards
>
>     Ohanes Semerjian
>     Security Engineer, AsiaPac
>     International Security Group  (Central Services)
>     WorldCom International
>
>     Ph:(02) 9434 5636
>     Mob: 0410 657 249
>
>     PGP kEY
>     75DF 2980 5663 2DC1 12CD  E43E 94D6 7A9A 222D 3449
>
>         -----Original Message-----
>         From: Elvira_Byrnes at ...8560...
>         [mailto:Elvira_Byrnes at ...8560...]
>         Sent: Thursday, 17 April 2003 2:08 PM
>         To: snort-users at lists.sourceforge.net
>         Subject: [Snort-users] Securing a Snort machine
>
>         Hi Everybody
>          
>         I have installed Snort and now want to make the machine
>         secure. Snort will be listening on border attacks (outside the
>         network), on the dmz, and inside the lan.
>          
>         What is the best way of doing it on RedHat 8.0 and 9.0?
>          
>         Thanks a lot.
>          
>         Elvira
>          
>
>
>         ******************** Confidentiality Statement
>         ***************************
>
>
>         This message contains privileged and confidential information
>         intended only for the use of the addressee named above. If you
>         are not the intended recipient of this message, you must not
>         disseminate, copy or take any action in reliance on it. If you
>         have received this message in error, please delete it from
>         your system and notify the sender immediately. Any views
>         expressed in this message are those of the individual sender,
>         except where the sender specifically states them to be the
>         view of the company.
>
>
>
>
> ******************** Confidentiality Statement 
> ***************************
>
>
> This message contains privileged and confidential information intended 
> only for the use of the addressee named above. If you are not the 
> intended recipient of this message, you must not disseminate, copy or 
> take any action in reliance on it. If you have received this message 
> in error, please delete it from your system and notify the sender 
> immediately. Any views expressed in this message are those of the 
> individual sender, except where the sender specifically states them to 
> be the view of the company.
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20030417/509c5ab0/attachment.html>


More information about the Snort-users mailing list