Snort mailing list archives
promiscious mode..and stuff.
From: "Franki" <franki () gshop com au>
Date: Tue, 10 Jul 2001 09:18:56 +0800
Hi all, I installed snort on one of my box's to get the hang of it before putting it on all my box's This box in question is permanently connected via ppp (56k dialup) can snort work in conjunction with ppp0 (I noticed in the conf that it is setup to use eth0 as default. secondly, can it be on the same machine as the firewall ? thirdly, because I didn't have time to mess around with it(and it wasn't connfigured.), I didn't actually start snort, so I was suprised to find that my eth0 had gone into promiscious mode.. since snort wasn't running.. Is that normal? One last thing, is there a really simple neatly explained the config of snort? I couldn't find anything like that on the site,, stuff like "how to update rules" "how to setup sensors and the benefits/downsides of putting them XXX" "Do's and don'ts.." "What rules do I need and don't, and how to let snort know" anything like that... up till now, I just keep the servers up to date, write an ipchains and ipmasqadm firewall and use portsentry and tripwire... I was hoping to add Snort to the list as well. .(I am getting more paranoid all the time.) Is there a HowToo for snort? (apart from writeups in emags, as they always use only one config and don't explain anything...) Does Snort do anything when it encounters an alert? (ie like portsentry, block the ip, and add it to hosts.deny) Sorry for asking so many questions, I spent ages reading the site, and about 5 mags on the subject and none were "all encompasing" so I have many questions.... :-) Many thanks and kindest regards Frank Perth Western Australia. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort-users digest, Vol 1 #787 - 8 msgs ORA (Jul 09)
- promiscious mode..and stuff. Franki (Jul 09)