Snort mailing list archives
RE: firewall and snort on the same machine
From: Dragos Ruiu <dr () kyx net>
Date: Wed, 15 Aug 2001 21:55:55 -0700
On Wed, 15 Aug 2001, Martijn Heemels wrote:
In my logs I don't see the "eth1 has entered promiscuous mode" message that other people are reporting. How can I enable that option?
I believe this is dependent on the kind fo nic driver you use and OS... I thought all the os/nic-driver combos logged promiscuous mode to syslog but.... apparently not. Normally just using snort is enough to make libpcap put the driver in this mode... This should also be a FAQ question/answer (he says going over to a vi window): No, placing your driver in promiscuous mode does not constiture a major security risk. It _will_ slighltly increase cpu utilization dependent on network load as the cpu no longer filters some packets at the nic and processes them all, but is not a cause for undue security alarm with typical, fairly robust, network stacks. cheers, --dr _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- firewall and snort on the same machine Mohr, Stefan (Aug 15)
- RE: firewall and snort on the same machine John Berkers (Aug 15)
- RE: firewall and snort on the same machine Martijn Heemels (Aug 15)
- RE: firewall and snort on the same machine Dragos Ruiu (Aug 15)
- RE: firewall and snort on the same machine John Berkers (Aug 16)
- RE: firewall and snort on the same machine Martijn Heemels (Aug 15)
- RE: firewall and snort on the same machine John Berkers (Aug 15)