[Snort-users] Snort "invisible"

Dan Ferris dferris at ...9997...
Wed Sep 3 09:09:09 EDT 2003


Don't assign an IP address to the interfaces Snort listens on.

Be careful with Snortsam, because you can hurt yourself with it.

Daniel Hondo Tedesque wrote:

>Hello
>
>My name and Daniel, I am implanting the Snort tool (RedHat 9,0) in the company
>where work, and I structuralized the security of the following form: Will be 3
>sensors spread in internal, external net and DMZ, each sensor have two
>interfaces where the interface eth0 will be responsible for the listening of the
>net and the interface eth1 responsavel for the exchange of information between
>the sensors, being, two distinct nets of form that the sensors are "invisible"
>the net of the company. The external sensor will receive the packages before
>firewall from form that in case that some activity registers suspicion,
>immediately creates a rule in firewall to block the suspicious IP (SnortSam). It
>would like to know if ha one forms to modify stack TCP of form that the
>interfaces eth0 are inhibited of possible attacks or that they only listen to
>the net, being registered for none another one does not scheme.
>
>Thanks, Daniel Hondo - UNOESTE - Brasil.
>
>
>-------------------------------------------------
>UNOESTE - Universidade do Oeste Paulista
>FIPP - Faculdade de Informática de Pres. Prudente
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=ort-users
>
>  
>





More information about the Snort-users mailing list