Snort mailing list archives
RE: [Newbie] Promiscuous Mode
From: Joshua Wright <Joshua.Wright () jwu edu>
Date: Thu, 1 Nov 2001 09:05:44 -0500
Tom, If someone compromised your snort machine, they would be able to see all the same traffic that Snort sees (of course). This would be a very "Bad Thing" (tm, Erek Adams, 2001). It is _critical_ to properly secure your Snort machine - see the FAQ for information on setting up a stealth interface, or an interface with no IP address. A wealth of helpful resources are available in the SANS GIAC practicals at http://www.sans.org/giactc.htm. -Joshua Wright Team Leader, Networks and Systems Johnson & Wales University Joshua.Wright () jwu edu pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73 fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73 -----Original Message----- From: Tom Beer [mailto:mailings () analogon com] Sent: Thursday, November 01, 2001 8:24 AM To: snort-users () lists sourceforge net Subject: [Snort-users] [Newbie] Promiscuous Mode Hi, if I run snort on an external interface attached to bad world out there :-) isn't this interface set into promisuous mode, so that an bad guy may read all the data passing on that interface? Thanks Tom _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- [Newbie] Promiscuous Mode Tom Beer (Nov 01)
- <Possible follow-ups>
- RE: [Newbie] Promiscuous Mode Joshua Wright (Nov 01)