[Snort-users] RE: Attack on snort running in Public Zone

Geoff Craig GCraig at ...8687...
Fri Nov 14 19:53:09 EST 2003


Hello,
 
When running Snort on a Windows 2000 machine one thing you should always do is unbind EVERYTHING from the interface that Snort is running on.  This is the equivalent of running Snort in stealth mode.  Snort will still be able to view and log the traffic.  You will need to either view all of the log data locally or use a second interface hopefully on a completely VLAN'd subnet to send data to a centralized point or for remote viewing of logs with ACID, etc.
 
Hope that helps,
 
Geoff Craig
Infrastructure Architect/Engineer
Quilogy - The Art & Science of Business
Atomic Security: Security for the real world




More information about the Snort-users mailing list