RE: Two Ethernet Interfaces?

[Security Admin <SecurityAdmin () hyprotech com>]

Hi Jeremy, there is a diagram in this paper.....

http://www.inetsecurity.info/modules.php?op=modload&name=News&file=article&s
id=1&mode=thread&order=0&thold=0

If you have the tools you can make one from scratch with the exact length
and everything, if not you can take an existing cable and snip the unneeded
wires.

-----Original Message-----
From: Jeremy Finke [mailto:Jeremy.Finke () MeridianIQ com] 
Sent: Tuesday, November 05, 2002 3:37 PM
To: Security Admin
Subject: RE: [Snort-users] Two Ethernet Interfaces?

Wayne,

May I ask how you make a one way cable?

Thanks!

Jeremy

-----Original Message-----
From: Security Admin [mailto:SecurityAdmin () hyprotech com] 
Sent: Tuesday, November 05, 2002 8:47 AM
To: 'Mike Koponick'
Cc: 'snort-users () lists sourceforge net'
Subject: RE: [Snort-users] Two Ethernet Interfaces?


Hi Mike, I run all my sensors with dual nics, but there would not be an
issue with a single nic. I use dual nics for security reasons. All
logging to my database and my access for management and maintenance is
done through 1 nic, the second nic runs in promiscuous mode and does the
logging. The promiscuous mode nic has no stack (no ip address), and
attaches to the monitored net using a one ay cable. I am also monitoring
10mbit pipes with my sensors and have no performance issues. Snort runs
in promiscuous mode when you start it, as far as I know that isn't an
option.

Cheers,
Wayne
http://www.inetsecurity.info

-----Original Message-----
From: Mike Koponick [mailto:mike () redhawk info] 
Sent: Monday, November 04, 2002 3:20 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Two Ethernet Interfaces?

I was wondering if it was absolutely necessary to have TWO ethernet
interfaces for the Snort sensor? Is this done for security or
performance issues? I would think that if you had one interface it would
work fine if there wasn't a lot of traffic. However, I would like to run
in promisc mode, as I could "catch" more traffic that way, so I would
assume if you wanted to run in promisc mode you would have to have two
ethernet interfaces, true?

Thanks in advance for you help.

Mike



-------------------------------------------------------
This SF.net email is sponsored by: ApacheCon, November 18-21 in Las
Vegas (supported by COMDEX), the only Apache event to be fully supported
by the ASF. http://www.apachecon.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This sf.net email is sponsored by: See the NEW Palm 
Tungsten T handheld. Power & Color in a compact size!
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0001en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users