[Snort-users] Using RESP with two Eth interfaces

Andrew Cogger andrew at ...3020...
Thu May 15 16:41:09 EDT 2003


G'day,

'Scuse the N00b question, but....

I have snort 2.0 running on a RH Linux box with
two nics - snort is running on eth0, which is configured
with no IP address. The other interface eth1 is secured behind a 
firewall for admin use.

I'm using some rules with the RESP keyword for killing some
connections - however the reset packets are sent out via the
interface with the IP address - eth1. Any idea how I can get the
resp packets to be sent out via the eth0 interface snort is
actually using?

Thanks,

Andrew

****************************************************************
This email and any files transmitted with it are confidential 
and intended solely for the use of the individual or entity to
whom they are addressed. If you are not the intended recipient 
you must not use, disclose or distribute this email or any 
attachment(s). Please notify the sender immediately and then
delete this email. All sent and received email from/to 
Innovonics Ltd is automatically scanned for the presence 
of computer viruses, security issues and inappropriate content. 
We have taken precautions to minimise the risk of transmitting 
viruses, but we advise that you carry out your own virus 
checking on this email and any attachments. If email you 
receive has a virus or contains inappropriate content please
contact: admin at ...3020... 
****************************************************************




More information about the Snort-users mailing list