Snort mailing list archives
Re: I think I know the answer to this, but not 100% sure
From: "Scot Scot" <scotw () hotmail com>
Date: Wed, 26 Jun 2002 18:10:48 -0500
Correct me if I'm wrong,Will not the below configuration knock your traffic down to Half-Duplex if you use a Hub instead of a tap-switch?
?????
From: Mike_Sands () elementk com To: Eric Garnel <egarnel3470 () yahoo com>CC: snort <snort-users () lists sourceforge net>,snort-users-admin () lists sourceforge net Subject: Re: [Snort-users] I think I know the answer to this, but not 100% sureDate: Wed, 26 Jun 2002 15:49:43 -0400 MIME-Version: 1.0Received: from hotmail.com ([65.54.237.38]) by hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 26 Jun 2002 15:59:00 -0700 Received: from usw-sf-list2.sourceforge.net ([216.136.171.252]) by hotmail.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 26 Jun 2002 15:49:27 -0700 Received: from usw-sf-list1-b.sourceforge.net ([10.3.1.13] helo=usw-sf-list1.sourceforge.net)by usw-sf-list2.sourceforge.net with esmtp (Exim 3.31-VA-mm2 #1 (Debian))id 17NIpg-0004wv-00; Wed, 26 Jun 2002 12:52:04 -0700 Received: from ekfwall.elementk.com ([63.162.15.250] helo=ekfwall1)by usw-sf-list1.sourceforge.net with smtp (Exim 3.31-VA-mm2 #1 (Debian))id 17NIp9-0006hU-00; Wed, 26 Jun 2002 12:51:32 -0700 Received: from no.name.available by ekfwall1 via smtpd (for usw-sf-lists.sourceforge.net [216.136.171.198]) with SMTP; 26 Jun 2002 19:50:34 UTX-Mailer: Lotus Notes Release 5.0.8 June 18, 2001 Message-ID: <OF501F557A.BDB65CC3-ON85256BE4.006CD16C () elementk com>X-MIMETrack: Serialize by Router on CANADICE/Element K(Release 5.0.10 |March 22, 2002) at 06/26/2002 03:49:59 PMSender: snort-users-admin () lists sourceforge net Errors-To: snort-users-admin () lists sourceforge net X-BeenThere: snort-users () lists sourceforge net X-Mailman-Version: 2.0.9-sf.net Precedence: bulk List-Help: <mailto:snort-users-request () lists sourceforge net?subject=help> List-Post: <mailto:snort-users () lists sourceforge net>List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,<mailto:snort-users-request () lists sourceforge net?subject=subscribe> List-Id: Snort users talk about... Snort! <snort-users.lists.sourceforge.net> List-Unsubscribe: <https://lists.sourceforge.net/lists/listinfo/snort-users>,<mailto:snort-users-request () lists sourceforge net?subject=unsubscribe>List-Archive: <http://www.geocrawler.com/redir-sf.php3?list=snort-users> X-Original-Date: Wed, 26 Jun 2002 15:49:43 -0400 Return-Path: snort-users-admin () lists sourceforge netX-OriginalArrivalTime: 26 Jun 2002 22:49:29.0873 (UTC) FILETIME=[BB281810:01C21D63]easy question easy answer. Nope you don't need and ip on the nic. In fact it is better not to. Mike Sands Security / Network Engineer |---------+---------------------------------------> | | Eric Garnel | | | <egarnel3470 () yahoo com> | | | Sent by: | | | snort-users-admin () lists sour| | | ceforge.net | | | | | | | | | 06/26/2002 10:56 AM | | | | |---------+--------------------------------------->>------------------------------------------------------------------------------------------------------------------------------| | | | To: snort <snort-users () lists sourceforge net> | | cc: | | Fax to: | | Subject: [Snort-users] I think I know the answer to this, but not 100% sure | >------------------------------------------------------------------------------------------------------------------------------|Here is my scenario: cable modem --- pix -- internal network Here is what I want to do: PIX----internal network / cable modem ----------hub \ Snort (linux box) front nic in promiscuous mode back nic on dmz or internal This may seem like a really stupid question, but do I need to assign an ip to the front nic of the snort box if it will be running in promiscuous mode? I can;t believe that I am even asking it, hand me another twinkie __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com ------------------------------------------------------- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by: Jabber Inc. Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com ------------------------------------------------------- This sf.net email is sponsored by: Jabber Inc.Don't miss the IM event of the season | Special offer for OSDN members! JabberConf 2002, Aug. 20-22, Keystone, CO http://www.jabberconf.com/osdn
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- I think I know the answer to this, but not 100% sure Eric Garnel (Jun 26)
- <Possible follow-ups>
- RE: I think I know the answer to this, but not 100% sure McCammon, Keith (Jun 26)
- Re: I think I know the answer to this, but not 100% sure Mike_Sands (Jun 26)
- Re: I think I know the answer to this, but not 100% sure Scot Scot (Jun 26)