Snort mailing list archives
Snort will not detect anything on stealth interface unless I assign IP
From: Rhugga <snort-list () sandiego420 com>
Date: Sat, 17 Jul 2004 12:10:25 -0700
I have attached 1 interface of from ISD box a hub containing our border router and our 2 firewalls. I bring the interface up with no IP address and snort will not start due to $eth1_ADDRESS being null.
If I assign a dummy IP address to the interface: ifconfig eth1 down ifconfig eth1 192.168.199.199 ifconfig eth1 up I can see that the interace is receiving packets (based on ifconfig -a) RX packets:33790 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:2231965 (2.1 Mb) TX bytes:0 (0.0 b) Interrupt:21 Base address:0x3400 Memory:f5104000-f5104038snort will start when eth1 has this dummy IP address but no rules are getting detected.
When I put a valid IP address on that interface in the same net as the router and firewalls, snort then starts matching rules...
How do you use a shadow interface with no IP address with snort? I am running RH 9.
Thx, rhugga ------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort will not detect anything on stealth interface unless I assign IP Rhugga (Jul 17)
- Re: Snort will not detect anything on stealth interface unless I assign IP Paul Schmehl (Jul 17)
- Re: Snort will not detect anything on stealth interface unless I assign IP Matt Kettler (Jul 17)
- Re: Snort will not detect anything on stealth interface unless I assign IP Rhugga (Jul 19)
- Re: Snort will not detect anything on stealth interface unless I assign IP Paul Schmehl (Jul 19)
- Re: Snort will not detect anything on stealth Matt Kettler (Jul 19)
- Re: Snort will not detect anything on stealth interface unless I assign IP Rhugga (Jul 19)
- Re: Snort will not detect anything on stealth interface unless I assign IP Jason Haar (Jul 18)