Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: (no subject)

From: Saad Kadhi <bsdguy () docisland org>
Date: 15 Jan 2002 17:30:24 +0100
On Tue, 2002-01-15 at 16:29, charley pfaff wrote:

I am plannning on putting a snort IDS before and after my firewall. The 
question is do I have to give the IDS outside one of our external IP's or 
can I throw a dummy ip on it just to monitor traffic. Oh yeah just incase 
you need to know it will be running rh7.1 hardened with NSA linux.

you don't need an IP at all. Just put your listening interface in
so-called promiscuous mode by "up"-ing that if: ifconfig ext_if up or
ifconfig ext_if 0.0.0.0 up. If you need to administer the snort boxen
from remote, put a second nic & hook it to a dedicated admin network for
example. 

OT: sow how is NSA linux ? 

-- 
/Saad --  [bsdguy () docisland org] 
[pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desesperate degauss your screen. it might solve your pb as well


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: