Snort mailing list archives
no_promisc option
From: counter.spy () gmx de
Date: Mon, 25 Mar 2002 14:19:34 +0100 (MET)
Short question, easy to answer (I hope): Can the -p option (disable promisc mode) be used in order to run snort as a NNIDS? (NNIDS == Network Node Intrusion Detection System, in my understanding a host IDS that uses stack-based attack recognition instead of system logs or application logfiles) If so, is there a way to install Snort as NNIDS without having to install libpcap (for *nix) or winpcap (for Windoze boxes)? The reason for this question is, I am playing around with the idea of using snort as NNIDS on ISA Server or Exchange Server, but I don't like to have a promiscuous mode device on a productive server. Thanks! Greetings, D.Liesen -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- no_promisc option counter . spy (Mar 25)