Snort mailing list archives

Re: Two Ethernet Interfaces?


From: "Justin Jessup" <jaager7 () earthlink net>
Date: Tue, 5 Nov 2002 01:13:39 +0000 (GMT)

No, you do not have to have two NICs.
If you want to set things up so hackers cannot find where snort is running from, then:
nic1 runs snort
nic2 dumps the alert data to a syslog server or a SQL database
nic1 does not have an IP address
Under Unix you bring nic1 up:
# ifconfig eth0 up
nic2 has an IP address so you can admin the system running snort remotely

jj

JUSTIN JESSUP

Peter Param <pparam () stvincents com au> wrote:
__________
Not really,  you should be able to run off a single nic quite nicely - 
if the combined traffic on switched port is not more than what your lan 
card can take.  You should also be able to snort off several nics if you 
have several segments. 

cheers 

-Peter 

"Mike Koponick" <mike () redhawk info> 11/05/02 09:28 AM >>> 
I was wondering if it was absolutely necessary to have TWO ethernet
interfaces for the Snort sensor? Is this done for security or
performance issues? I would think that if you had one interface it would
work fine if there wasn't a lot of traffic. However, I would like to run
in promisc mode, as I could "catch" more traffic that way, so I would
assume if you wanted to run in promisc mode you would have to have two
ethernet interfaces, true?

Thanks in advance for your help.

Mike 



------------------------------------------------------- 
This SF.net email is sponsored by: ApacheCon, November 18-21 in 
Las Vegas (supported by COMDEX), the only Apache event to be 
fully supported by the ASF. http://www.apachecon.com 
_______________________________________________ 
Snort-users mailing list 
Snort-users () lists sourceforge net 
Go to this URL to change user options or unsubscribe: 
https://lists.sourceforge.net/lists/listinfo/snort-users 
Snort-users list archive: 
http://www.geocrawler.com/redir-sf.php3?list=snort-users 



********************************************************************** 
This email and any files transmitted with it are confidential and 
intended solely for the use of the individual or entity to whom they 
are addressed. If you have received this email in error please notify 
the system manager. 

This footnote also confirms that this email message has been 
virus scanned and although no viruses were detected by the system, 
St Vincent's Hospital accepts no liability for any consequential 
damage resulting from email containing any computer viruses. 

********************************************************************** 
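
The two-interface sensor layout described in this thread can be audited with a short script. This is an added example, not part of the original messages: it checks that the sniffing interface carries no IPv4 or IPv6 address while the management interface has one. The interface names (eth0 for sniffing, eth1 for management), the function names and the sample `ip -o addr show` output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `ip -o addr show` output (not taken from the thread).
# eth0 is the sniffing NIC, eth1 the management NIC (assumed names).
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link \       valid_lft forever preferred_lft forever
3: eth1    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth1\       valid_lft forever preferred_lft forever'

# addrs_on IFACE: read `ip -o addr show` text on stdin and print
# "family address" for every IPv4/IPv6 address bound to IFACE.
addrs_on() {
    awk -v ifc="$1" '$2 == ifc && ($3 == "inet" || $3 == "inet6") { print $3, $4 }'
}

# audit_sensor SNIFF_IF MGMT_IF: read `ip -o addr show` text on stdin.
# Returns 0 only if SNIFF_IF has no address at all and MGMT_IF has one.
audit_sensor() {
    input=$(cat)
    sniff=$(printf '%s\n' "$input" | addrs_on "$1")
    mgmt=$(printf '%s\n' "$input" | addrs_on "$2")
    rc=0
    if [ -n "$sniff" ]; then
        # Common cause on Linux: bringing a link up normally auto-configures
        # an IPv6 link-local (fe80::) address unless IPv6 is disabled on it.
        echo "FAIL: $1 has address(es): $sniff"
        rc=1
    fi
    if [ -z "$mgmt" ]; then
        echo "FAIL: $2 has no address for remote administration"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $1 carries no address, $2 is addressable"
    fi
    return "$rc"
}

# Demo on the constructed sample: fails because eth0 picked up a link-local address.
printf '%s\n' "$SAMPLE_ADDR" | audit_sensor eth0 eth1 || true
```

On a live sensor, pipe the real output in: `ip -o addr show | audit_sensor eth0 eth1`. The check covers addressing only; it does not verify that the interface is up or that the host never transmits on it.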
