[Snort-users] Snort "invisible"

SecurityAdmin at ...7345... SecurityAdmin at ...7345...
Mon Sep 8 20:49:27 EDT 2003

You need to run in stealth mode. 

On interface eth0 you need to set it to have no IP in the stack. In rc.conf
you need to have


Then before you start snort you need to do 

#ifconfig eth0 up

to bring up the NIC card.

-----Original Message-----
From: Daniel Hondo Tedesque [mailto:danielhondo at ...10023...] 
Sent: Tuesday, September 02, 2003 4:02 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort "invisible"


My name and Daniel, I am implanting the Snort tool (RedHat 9,0) in the
where work, and I structuralized the security of the following form: Will be
sensors spread in internal, external net and DMZ, each sensor have two
interfaces where the interface eth0 will be responsible for the listening of
net and the interface eth1 responsavel for the exchange of information
the sensors, being, two distinct nets of form that the sensors are
the net of the company. The external sensor will receive the packages before
firewall from form that in case that some activity registers suspicion,
immediately creates a rule in firewall to block the suspicious IP
(SnortSam). It
would like to know if ha one forms to modify stack TCP of form that the
interfaces eth0 are inhibited of possible attacks or that they only listen
the net, being registered for none another one does not scheme.

Thanks, Daniel Hondo - UNOESTE - Brasil.

UNOESTE - Universidade do Oeste Paulista
FIPP - Faculdade de Informática de Pres. Prudente

This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list