Snort mailing list archives
Re: Sniffing on eth0 and reseting on eth1
From: "Dave Thornburgh" <dave_thornburgh () hotmail com>
Date: Mon, 25 Nov 2002 13:01:09 -0800

"Chris Green" <cmg () snort org> wrote...

> "¤" <nico33b () yahoo fr> writes:
>
>> Hello, I would like to know if it is possible to start snort sniffing on a specific ethernet interface (for example eth0) and configuring it to send TCP_RST via another interface (for example eth1).
>
> The libnet stuff follows default routing rules so that's actually the way it has to work if eth0 is stealth :)
So, does that mean that if eth0 is stealth, and eth1 is connected to an isolated snort-management-lan (not able to see the segment that eth0 is connected to, and not connected into my main lan), that flex_resp resets cannot be sent at all? I was about to install a few sensors in our lan, but since one of them will be outside the firewall and two of them will be in DMZs, I wanted to keep the logging to mysql (for ACID) and the SnortCenter traffic in a disconnected lan - I thought that was the only way I'd be safe from any of these boxes being hacked.

Have I missed something? An earlier message and response implied that the resets could go out the stealthed interface.

Dave Thornburgh
Current thread:
- Sniffing on eth0 and reseting on eth1 ¤ (Nov 20)
- Re: Sniffing on eth0 and reseting on eth1 Demetri Mouratis (Nov 20)
- Re: Sniffing on eth0 and reseting on eth1 Chris Green (Nov 21)
- Re: Sniffing on eth0 and reseting on eth1 ¤ (Nov 21)
- Re: Sniffing on eth0 and reseting on eth1 Dave Thornburgh (Nov 25)