[Snort-users] does snort detect !
mkettler at ...4108...
Fri Nov 14 09:11:13 EST 2003
At 07:14 AM 11/14/2003, Rahul wrote:
>Does snort detect intrusion of other machine(i.e X machine which is try to
>attack by someone) that belong to same network where snort runs. if so how
>to test the same.
>Any help would be greatly appriciated.
Snort monitors the network in promiscuous mode.. anything that comes by
it's ethernet port, wether addressed to the snort box or not, will be
analyzed. However, if you're using ethernet switches, the very nature of a
switch will prevent the snort box from seeing traffic to other machines
unless you configure a mirror port, or add a tap somewhere.
In general the snort rules are set up to monitor for attacks coming from
any machine in EXTERNAL_NET going to any machine in HOME_NET. For debugging
purposes setting both of these to "any" is a good starting point..
So, provided your connection is right, and your variables are set right,
snort should monitor for attacks on other machines in your network.
More information about the Snort-users