RE: snort on stealth mode

[jan () radio hundert6 de]

> I just started working on snort, wondering how to make snort
> box in stealth mode ?

Take two NICs. One is configured as usual, the other goes up,
but doesn't get an IP address assigned to it. When you put that
interface in promiscuous mode, it accepts every ethernet frame
that passes its way. Naturally, you'll need a hub for that or
place the thing on a monitoring port on your switch, if you have
such a thing. 

For moderate uplink speeds, placing a good hub between border
router and firewall shouldn't be too troublesome. Works fine for
me with a 2048 kbit/s Primärmultiplexanschluss (whatever that
may be in English ;o)). 

If you're hardcore, you may also crimp a read-only cat 5 cable. 

Cheers, Jan
-- 
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther () radio hundert6 de

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users