[Snort-users] Snort "invisible"

Dan Ferris dferris at ...9997...
Wed Sep 3 09:09:09 EDT 2003

Don't assign an IP address to the interfaces Snort listens on.

Be careful with Snortsam, because you can hurt yourself with it.

Daniel Hondo Tedesque wrote:

>My name and Daniel, I am implanting the Snort tool (RedHat 9,0) in the company
>where work, and I structuralized the security of the following form: Will be 3
>sensors spread in internal, external net and DMZ, each sensor have two
>interfaces where the interface eth0 will be responsible for the listening of the
>net and the interface eth1 responsavel for the exchange of information between
>the sensors, being, two distinct nets of form that the sensors are "invisible"
>the net of the company. The external sensor will receive the packages before
>firewall from form that in case that some activity registers suspicion,
>immediately creates a rule in firewall to block the suspicious IP (SnortSam). It
>would like to know if ha one forms to modify stack TCP of form that the
>interfaces eth0 are inhibited of possible attacks or that they only listen to
>the net, being registered for none another one does not scheme.
>Thanks, Daniel Hondo - UNOESTE - Brasil.
>UNOESTE - Universidade do Oeste Paulista
>FIPP - Faculdade de Informática de Pres. Prudente
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

More information about the Snort-users mailing list