[Snort-users] Snort will not detect anything on stealth interface unless I assign IP
mkettler at ...4108...
Sat Jul 17 13:49:08 EDT 2004
At 03:10 PM 7/17/2004, Rhugga wrote:
>I have attached 1 interface of from ISD box a hub containing our border
>router and our 2 firewalls. I bring the interface up with no IP address
>and snort will not start due to $eth1_ADDRESS being null.
What are you using $eth1_address for? Your HOME_NET?
If you set the eth1 interface to an invalid dummy address, and then try to
use that dummy address for HOME_NET, of course no rules will match, because
none of the traffic on your wire is in HOME_NET.
Edit your snort.conf to not use the interface address macros when doing
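The effect described in this reply, as an added example that is not part of the original post and is not Snort's own code: a simplified Python model of how HOME_NET resolves from the `$eth1_ADDRESS` macro and whether the destination test of a `-> $HOME_NET` rule can match. The config fragments, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed snort.conf fragments (assumptions, not from the original post).
CONF_MACRO = "var HOME_NET $eth1_ADDRESS\n"
CONF_STATIC = "var HOME_NET 192.0.2.0/24\n"

VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(\S+)\s*$")
MACRO_RE = re.compile(r"^\$(\w+)_ADDRESS$")


def resolve_home_net(conf_text, iface_addrs):
    """Return HOME_NET as an ip_network, expanding $<iface>_ADDRESS.

    iface_addrs maps interface name -> CIDR string, or None when the
    interface is up without an IP address (stealth mode).
    """
    for line in conf_text.splitlines():
        m = VAR_RE.match(line)
        if not m or m.group(1) != "HOME_NET":
            continue
        value = m.group(2)
        macro = MACRO_RE.match(value)
        if macro:
            addr = iface_addrs.get(macro.group(1))
            if addr is None:
                raise ValueError(f"{value} is null: interface has no address")
            value = addr
        return ipaddress.ip_network(value, strict=False)
    raise ValueError("HOME_NET not defined")


def rule_matches(dst_ip, home_net):
    """Model of the destination test in a rule written '... -> $HOME_NET'."""
    return ipaddress.ip_address(dst_ip) in home_net


def count_matches(conf_text, iface_addrs, packet_dsts):
    """Count packets whose destination falls inside the resolved HOME_NET."""
    home_net = resolve_home_net(conf_text, iface_addrs)
    return sum(rule_matches(d, home_net) for d in packet_dsts)


# Constructed destinations seen on the monitored wire.
PACKET_DSTS = ["192.0.2.10", "192.0.2.25", "192.0.2.80"]
```

With the macro and no interface address the lookup fails, with a dummy address nothing on the wire is inside HOME_NET, and with an explicit network in snort.conf the sensor interface can stay unaddressed.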