[Snort-users] Snort "invisible"

Ricardo Pires pires-ricardo at ...1836...
Thu Sep 4 12:02:59 EDT 2003


I think you have two choices.
The first one is to do not assign an IP address to the interface, as Dan
Ferris told you.
Another way, which one I do, is to assign a completly different IP to that
interface.
Lets suppose your network has a C class 192.168.1
You can use an IP address outside this class, with no route to that IP, like
1.1.1.2

Ricardo Pires

----- Original Message ----- 
From: "Dan Ferris" <dferris at ...9997...>
To: <snort-users at lists.sourceforge.net>
Sent: Wednesday, September 03, 2003 1:13 PM
Subject: Re: [Snort-users] Snort "invisible"


Don't assign an IP address to the interfaces Snort listens on.

Be careful with Snortsam, because you can hurt yourself with it.

Daniel Hondo Tedesque wrote:

>Hello
>
>My name and Daniel, I am implanting the Snort tool (RedHat 9,0) in the
company
>where work, and I structuralized the security of the following form: Will
be 3
>sensors spread in internal, external net and DMZ, each sensor have two
>interfaces where the interface eth0 will be responsible for the listening
of the
>net and the interface eth1 responsavel for the exchange of information
between
>the sensors, being, two distinct nets of form that the sensors are
"invisible"
>the net of the company. The external sensor will receive the packages
before
>firewall from form that in case that some activity registers suspicion,
>immediately creates a rule in firewall to block the suspicious IP
(SnortSam). It
>would like to know if ha one forms to modify stack TCP of form that the
>interfaces eth0 are inhibited of possible attacks or that they only listen
to
>the net, being registered for none another one does not scheme.
>
>Thanks, Daniel Hondo - UNOESTE - Brasil.
>
>
>-------------------------------------------------
>UNOESTE - Universidade do Oeste Paulista
>FIPP - Faculdade de Informática de Pres. Prudente
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>http://thinkgeek.com/sf
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=ort-users
>
>
>



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list