[Snort-users] RE: Attack on snort running in Public Zone
GCraig at ...8687...
Fri Nov 14 19:53:09 EST 2003
When running Snort on a Windows 2000 machine one thing you should always do is unbind EVERYTHING from the interface that Snort is running on. This is the equivalent of running Snort in stealth mode. Snort will still be able to view and log the traffic. You will need to either view all of the log data locally or use a second interface hopefully on a completely VLAN'd subnet to send data to a centralized point or for remote viewing of logs with ACID, etc.
Hope that helps,
Quilogy - The Art & Science of Business
Atomic Security: Security for the real world
More information about the Snort-users