[Snort-users] Snort will not detect anything on stealth interface unless I assign IP
snort-list at ...12135...
Sat Jul 17 12:11:07 EDT 2004
I have attached 1 interface of from ISD box a hub containing our border
router and our 2 firewalls. I bring the interface up with no IP address
and snort will not start due to $eth1_ADDRESS being null.
If I assign a dummy IP address to the interface:
ifconfig eth1 down
ifconfig eth1 192.168.199.199
ifconfig eth1 up
I can see that the interace is receiving packets (based on ifconfig -a)
RX packets:33790 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:2231965 (2.1 Mb) TX bytes:0 (0.0 b)
Interrupt:21 Base address:0x3400 Memory:f5104000-f5104038
snort will start when eth1 has this dummy IP address but no rules are
When I put a valid IP address on that interface in the same net as the
router and firewalls, snort then starts matching rules...
How do you use a shadow interface with no IP address with snort? I am
running RH 9.
More information about the Snort-users