[Snort-users] Unclear on active response MAC address
research at ...17107...
Tue Mar 3 09:41:46 EST 2015
Under the active response section in the Snort 184.108.40.206 manual, I see the syntax for configuring sniping in passive mode is:
config response: [device <dev>] [dst_mac <MAC address>] attempts <att>
I don’t understand the purpose of being able to configure the destination MAC address. Does that change the MAC address in the frames that are sent as sniping runs and if so, why would I be concerned with that being something configurable ?
More information about the Snort-users