Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Configuration issue, Part II

From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 24 Sep 2001 06:31:14 -0700 (PDT)
On Mon, 24 Sep 2001, DJDave Sobel wrote:

[...snip...]


How do you specify which interface to use?


Chris has already gotcha fixed up on this.... :)


And of more importance to me, how do you specify binding to multiple
interfaces?  I'd like it to be watching traffic to all the internal
networks, not just one... (that way, I can see what ipchains missed..)


Well...  Yes.  :-/  If you want to see _every_ tiny packet, you will need to
drop off the firewall rules.  Then snort could see any traffic flowing at the
box.

Suggestion:  Have a look at hogwash.  It's not a firewall, it's a packet
scrubber.  You can take packets and massage them a bit, drop them, reset,
almost anything you want....  http://snort.sourcefire.com/downloads.html#4.12

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: