[Snort-users] Snort with three interfaces attached to different network segment

Mike Feetham mike.feetham at ...9502...
Wed Jun 18 11:35:05 EDT 2003

If you want to be 100% sure your Snort machine doesn't route traffic
then you will have to power it off.  Since that's not very practical for
IDS, the next best option is to NOT configure IP addresses on any of
your promiscuous interfaces.  That's still not perfect, but it's much
harder to hack what you can't see.

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
artiman at ...9501...
Sent: Wednesday, June 18, 2003 2:03 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort with three interfaces attached to different
network segment

Hi Folks, I have the following question. I just have one machine to
monitor the activity on three different network segments (Redhat 9), so
I plan to install 3 NICs on the snort machine, set up the interfaces
in promiscuous mode without IP information and start to listen on each
segment. I'm kinda worried about the security implications because I'm
creating a physical path between the Internet, DMZ and MZ zones, so
in theory there is a small probability of bypassing the Firewall using
the snort machine.
Can somebody explain what is the risk that I'm facing using this
architecture? How can I make sure 100% that the Linux will not route
packets between different segments? In which ways can a Hacker exploit
my network ???
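The reply above boils down to two host properties a defender can verify on the sniffer box: none of the promiscuous NICs carries an IP address, and the kernel is not forwarding IP traffic between them. The script below is an added example (not from this thread or the Snort project) that audits both. It assumes modern iproute2 output from `ip -o -4 addr show` and the `/proc/sys/net/ipv4/ip_forward` sysctl, and it assumes the interface names `eth0` (management) and `eth1` through `eth3` (the three sniffing NICs); the sample command output embedded in it is constructed.

```python
"""Audit a Linux sniffer host for two properties: no IP address on any
monitoring (promiscuous) NIC, and kernel IP forwarding switched off.
Input is the text of `ip -o -4 addr show` plus the contents of
/proc/sys/net/ipv4/ip_forward.  All sample data below is constructed."""
import re
import subprocess
from typing import Dict, List, Sequence

# Assumed names: eth0 is the management NIC with an address, eth1-eth3 are
# the promiscuous sniffing NICs on the Internet, DMZ and MZ segments.
MONITOR_IFACES = ("eth1", "eth2", "eth3")

# One entry per line as `ip -o -4 addr show` prints it (trailing lifetime
# fields dropped).  Constructed: eth2 has mistakenly been given an address,
# which is exactly the misconfiguration this check exists to catch.
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
4: eth2    inet 198.51.100.5/24 brd 198.51.100.255 scope global eth2
"""

# Constructed output of a correctly configured host: only lo and eth0.
CLEAN_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
"""

_ADDR_LINE = re.compile(r"^\d+:\s+(\S+)\s+inet\s+(\S+)")


def parse_ip_addr(text: str) -> Dict[str, List[str]]:
    """Map interface name -> IPv4 addresses (CIDR) from `ip -o -4 addr` output."""
    addrs: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = _ADDR_LINE.match(line)
        if m:
            addrs.setdefault(m.group(1), []).append(m.group(2))
    return addrs


def forwarding_enabled(ip_forward_value: str) -> bool:
    """True when /proc/sys/net/ipv4/ip_forward reads as anything but 0."""
    return ip_forward_value.strip() != "0"


def audit(ip_addr_text: str, ip_forward_value: str,
          monitor: Sequence[str] = MONITOR_IFACES) -> List[str]:
    """Return human-readable findings; an empty list means the host passes."""
    findings: List[str] = []
    addrs = parse_ip_addr(ip_addr_text)
    for iface in monitor:
        for cidr in addrs.get(iface, []):
            findings.append(f"{iface}: monitoring interface has address {cidr}")
    if forwarding_enabled(ip_forward_value):
        findings.append("net.ipv4.ip_forward is enabled; host may route between segments")
    return findings


def remediation(findings: List[str]) -> List[str]:
    """iproute2 / sysctl commands that clear each finding, without duplicates."""
    cmds: List[str] = []
    for f in findings:
        if "monitoring interface has address" in f:
            cmd = f"ip addr flush dev {f.split(':', 1)[0]}"
        elif "ip_forward" in f:
            cmd = "sysctl -w net.ipv4.ip_forward=0"
        else:
            continue
        if cmd not in cmds:
            cmds.append(cmd)
    return cmds


def audit_live(monitor: Sequence[str] = MONITOR_IFACES) -> List[str]:
    """Run the same checks against the running host (Linux with iproute2)."""
    ip_out = subprocess.run(["ip", "-o", "-4", "addr", "show"], check=True,
                            capture_output=True, text=True).stdout
    with open("/proc/sys/net/ipv4/ip_forward") as fh:
        fwd = fh.read()
    return audit(ip_out, fwd, monitor)


if __name__ == "__main__":
    found = audit(SAMPLE_IP_ADDR, "1")
    for f in found:
        print("FINDING:", f)
    for c in remediation(found):
        print("FIX:", c)
```

Run it as-is to see the constructed misconfiguration flagged, or call `audit_live()` from a cron job on the sensor so that an address accidentally assigned to a sniffing NIC (or forwarding re-enabled by a package update) is reported rather than silently turning the IDS into a bridge between the segments it watches.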


