[Snort-users] Snort "invisible"

Ricardo Pires pires-ricardo at ...1836...
Thu Sep 4 12:02:59 EDT 2003

I think you have two choices.
The first one is to do not assign an IP address to the interface, as Dan
Ferris told you.
Another way, which one I do, is to assign a completly different IP to that
Lets suppose your network has a C class 192.168.1
You can use an IP address outside this class, with no route to that IP, like

Ricardo Pires

----- Original Message ----- 
From: "Dan Ferris" <dferris at ...9997...>
To: <snort-users at lists.sourceforge.net>
Sent: Wednesday, September 03, 2003 1:13 PM
Subject: Re: [Snort-users] Snort "invisible"

Don't assign an IP address to the interfaces Snort listens on.

Be careful with Snortsam, because you can hurt yourself with it.

Daniel Hondo Tedesque wrote:

>My name and Daniel, I am implanting the Snort tool (RedHat 9,0) in the
>where work, and I structuralized the security of the following form: Will
be 3
>sensors spread in internal, external net and DMZ, each sensor have two
>interfaces where the interface eth0 will be responsible for the listening
of the
>net and the interface eth1 responsavel for the exchange of information
>the sensors, being, two distinct nets of form that the sensors are
>the net of the company. The external sensor will receive the packages
>firewall from form that in case that some activity registers suspicion,
>immediately creates a rule in firewall to block the suspicious IP
(SnortSam). It
>would like to know if ha one forms to modify stack TCP of form that the
>interfaces eth0 are inhibited of possible attacks or that they only listen
>the net, being registered for none another one does not scheme.
>Thanks, Daniel Hondo - UNOESTE - Brasil.
>UNOESTE - Universidade do Oeste Paulista
>FIPP - Faculdade de Informática de Pres. Prudente
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list