Snort mailing list archives
Re: Snort.conf & stealth mode
From: Erek Adams <erek () snort org>
Date: Fri, 23 May 2003 20:33:57 -0400 (EDT)
On Fri, 23 May 2003, francesco wrote:
> My question is slightly different: - Is any special setting of the VAR interface address required (for a stealth mode card), or do I just run it the way it is?
I'm assuming you mean the value of HOME_NET. :) HOME_NET should be set to the value of the network that you are watching.
> - BTW, is it necessary to specify the promisc option for the ifconfig activation command?
No. Not unless you're using a Linux 2.4.?? (I can't recall)... Promisc mode is a flag in that kernel. Once you set the bit, the next time you set that bit, it's turned off.
> I am confused, as there is very little about that (also, FAQ 3.1 & 3.29 go straight through this, but the snort.conf file is not mentioned at all).
The info in snort.conf usually only has info that pertains to operation of Snort. Setting the interface to promisc is something that deals with the Network/OS.
Cheers!
-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson