AW: [Snort-users] Can snort be used for single host Intrusion Detection?(A newbie Question)

Sean Wheeler s.wheeler at ...2876...
Fri Jul 4 13:57:09 EDT 2003


Single host as in the host snort is running on ?
If that is the case simply do not enable promisc mode, and set EXTERNAL_NET
& HOME_NET TO any.
That way you see attacks coming at your machine and attacks leaving your
machine.

regards
Sean

-----Ursprüngliche Nachricht-----
Von: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]Im Auftrag von Louis Lam
Gesendet: Mittwoch, 2. Juli 2003 10:44
An: snort-users at lists.sourceforge.net
Betreff: [Snort-users] Can snort be used for single host Intrusion
Detection?(A newbie Question)


Hi,

The snort configuration file allows users to specify a
range of network addresses that it detects activities
on. I understand that it is possible to ignore traffic
coming from a particular host.

Is it possible to configure snort such that it only
checks traffic coming into a particular host?



=====
Warmest Regards,
Louis Lam

________________________________________________________________________
Want to chat instantly with your online friends?  Get the FREE Yahoo!
Messenger http://uk.messenger.yahoo.com/


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list