Snort mailing list archives

promiscuous mode..and stuff.


From: "Franki" <franki () gshop com au>
Date: Tue, 10 Jul 2001 09:18:56 +0800

Hi all,

I installed snort on one of my boxes to get the hang of it before putting it
on all my boxes.

This box in question is permanently connected via ppp (56k dialup).

Can snort work in conjunction with ppp0? (I noticed in the conf that it is
set up to use eth0 as default.)

Secondly, can it be on the same machine as the firewall?

Thirdly, because I didn't have time to mess around with it (and it wasn't
configured), I didn't actually start snort, so I was surprised to find that
my eth0 had gone into promiscuous mode... since snort wasn't running.

Is that normal?

One last thing, is there a really simple, neatly explained guide to the config
of snort? I couldn't find anything like that on the site, stuff like:

    "how to update rules"
    "how to setup sensors and the benefits/downsides of putting them XXX"
    "Do's and don'ts.."
    "What rules do I need and don't, and how to let snort know"

anything like that... up till now, I just keep the servers up to date, write
an ipchains and ipmasqadm firewall and use portsentry and tripwire...

I was hoping to add Snort to the list as well. (I am getting more paranoid
all the time.)

Is there a HowTo for snort? (apart from writeups in emags, as they always
use only one config and don't explain anything...)
Does Snort do anything when it encounters an alert? (i.e. like portsentry,
block the ip, and add it to hosts.deny)

Sorry for asking so many questions, I spent ages reading the site, and about
5 mags on the subject and none were "all encompassing" so I have many
questions.... :-)

Many thanks and kindest regards

Frank

Perth
Western Australia.