[Snort-users] Using RESP with two Eth interfaces

Jeff Nathan jeff at ...950...
Thu May 15 18:45:20 EDT 2003


Right now, resp uses your routing table for packet injection.  The next 
version of resp will overcome this limitation.  For now, your choices are 
to assign an IP address to your promiscuous interface or live with the 
problem.

-Jeff

--On Friday, May 16, 2003 9:40 +1000 Andrew Cogger 
<andrew at ...3020...> wrote:

> G'day,
>
> 'Scuse the N00b question, but....
>
> I have snort 2.0 running on a RH Linux box with
> two nics - snort is running on eth0, which is configured
> with no IP address. The other interface eth1 is secured behind a
> firewall for admin use.
>
> I'm using some rules with the RESP keyword for killing some
> connections - however the reset packets are sent out via the
> interface with the IP address - eth1. Any idea how I can get the
> resp packets to be sent out via the eth0 interface snort is
> actually using?
>
> Thanks,
>
> Andrew
>
> ****************************************************************
> This email and any files transmitted with it are confidential
> and intended solely for the use of the individual or entity to
> whom they are addressed. If you are not the intended recipient
> you must not use, disclose or distribute this email or any
> attachment(s). Please notify the sender immediately and then
> delete this email. All sent and received email from/to
> Innovonics Ltd is automatically scanned for the presence
> of computer viruses, security issues and inappropriate content.
> We have taken precautions to minimise the risk of transmitting
> viruses, but we advise that you carry out your own virus
> checking on this email and any attachments. If email you
> receive has a virus or contains inappropriate content please
> contact: admin at ...3020...
> ****************************************************************
>
>
> -------------------------------------------------------
> Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
> The only event dedicated to issues related to Linux enterprise solutions
> www.enterpriselinuxforum.com
>
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
http://cerberus.sourcefire.com/~jeff       (gpg key available)
Great spirits have always encountered violent opposition from mediocre
minds.
- Albert Einstein




More information about the Snort-users mailing list