[Snort-users] Methodology Verification
cherbini at ...7918...
Wed Jan 15 07:59:30 EST 2003
This is exactly what I was looking for.
> On Tue, 14 Jan 2003, John Cherbini wrote:
> > I'm setting up a testing network that does not have a firewall. I
> > basically want a snort machine with the external net on one
> side, and
> > the victim on the other side. I really just want to be able to see
> > the attacks that take place on the victim.
> Well... Easy enough. Simply plug everything into a cheap
> hub. One interface on the Snort box would see everthing on
> the entire hub.
I figure that by using a hub and a R/O cable, I should be in the
situation I'm looking for. (for now) I'm thinking that I'll hook a
second NIC up to the "trusted" network, so I'll be able to manage it
remotely, and leave the R/O interface, hub, etc.....outside the
> > I want the snort box to basically be invisible. I understand that
> > this can happen in a number of ways..
> IP-less Interface , a R/O cable , a ethernet Tap ,
> or a bridge.
This is the gap that I was missing.
Thanks very much Erek!
More information about the Snort-users