[Snort-users] Snort "invisible"

SecurityAdmin at ...7345... SecurityAdmin at ...7345...
Mon Sep 8 20:49:27 EDT 2003


You need to run in stealth mode. 

On interface eth0 you need to set it to have no IP in the stack. In rc.conf
you need to have

ifconfig_eth0=""

Then before you start snort you need to do 

#ifconfig eth0 up

to bring up the NIC card.

-----Original Message-----
From: Daniel Hondo Tedesque [mailto:danielhondo at ...10023...] 
Sent: Tuesday, September 02, 2003 4:02 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort "invisible"


Hello

My name and Daniel, I am implanting the Snort tool (RedHat 9,0) in the
company
where work, and I structuralized the security of the following form: Will be
3
sensors spread in internal, external net and DMZ, each sensor have two
interfaces where the interface eth0 will be responsible for the listening of
the
net and the interface eth1 responsavel for the exchange of information
between
the sensors, being, two distinct nets of form that the sensors are
"invisible"
the net of the company. The external sensor will receive the packages before
firewall from form that in case that some activity registers suspicion,
immediately creates a rule in firewall to block the suspicious IP
(SnortSam). It
would like to know if ha one forms to modify stack TCP of form that the
interfaces eth0 are inhibited of possible attacks or that they only listen
to
the net, being registered for none another one does not scheme.

Thanks, Daniel Hondo - UNOESTE - Brasil.


-------------------------------------------------
UNOESTE - Universidade do Oeste Paulista
FIPP - Faculdade de Informática de Pres. Prudente


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list