RE: stealth interface

["Wirth, Jeff" <WirthJe () DNB com>]

From: Dallas Jordan [mailto:DJordan () sawgrassink com]
 
> I am pretty new to snort, so forgive my ignorance.  I have 
> FreeBSD 4.5 and
> Snort 1.8.1.  I am trying to set Snort up to monitor an 
> interface with no IP


I would upgrade to 1.8.7...lots of fixes


> address.  But I cant seem to get it to log anything to the 
> /var/log/snort
> directory.  When I start Snort everything appears to be fine. 
>  I use the -v
> flag to see if it is "seeing" anything, and I can see lots of 

<snip>

> !$HOME_NET.  Don't know if that helps anyone.  I also have 
> another NIC with
> a IP address that I will use to access the snort box.  If I 
> set up snort to
> monitor this interface, it works as it should.  Everything 
> gets logged into


How is your first nic configured in rc.conf?  Does ifconfig report the nic
as up?


> directories according to IP addresses.  I also have a rule 
> that alerts to
> all TCP traffic, just to check if SnortSnarf is working 
> correctly with my
> alert file.  When Snort is monitoring the interface with no 
> IP no alerts are
> logged.  But they are logged, when monitoring the interface 
> with an IP.  I
> am sure it is something simple I'm missing, but I cant figure it out.
> Thanks for any help you can give.  


sounds OS related to me.

- Jeff


-------------------------------------------------------
This sf.net email is sponsored by: DEDICATED SERVERS only $89!
Linux or FreeBSD, FREE setup, FAST network. Get your own server 
today at http://www.ServePath.com/indexfm.htm
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users