Re: [despammed] DSL Monitoring

[Ed McMan <essmilee () comcast net>]

You want to monitor ppp0... eth1 would be the PPPoE which I doubt snort
supports ;)
-------------------------------------------------------------
|   Eddie J Schwartz <EdMcMan () m00 net> http://www.m00.net   |
|   AIM: The Cypher ICQ: 35576339 YHOO: edmcman2 MSN: ^^    |
| "We Trills have an expression--at forty, you think you    |
| know everything.  At four hundred, you realize you know   |
|         nothing." - Dax, Star Trek Deep Space 9           |
-------------------------------------------------------------
----- Original Message -----
From: "Darren Young" <darren_young () yahoo com>
To: <snort-users () lists sourceforge net>
Sent: Sunday, May 05, 2002 12:04 PM
Subject: [despammed] [Snort-users] DSL Monitoring


> I'd like to start monitoring my home DSL connection
> with Snort, but am not sure which interface to watch.
> Sitting behind my NetDSL modem is a RedHat Linux
> system that runs PPPOE to establish a connection to
> Earthlink. The interface eth1 is physically attached
> to the DSL modem and ppp0 is the one that the PPPOE
> software brings up for the actual connection.
>
> When I apply firewall rules, I add them against the
> ppp0 interface, would I use the same one for Snort or
> the eth1 physical interface? Should I place a hub on
> the same connection as the DSL and add another
> interface just for Snort monitoring?
>
> Any pointers would be great.



_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users