Snort mailing list archives

Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp

From: Dragos Ruiu <dr () kyx net>
Date: Wed, 9 Oct 2002 13:41:26 +0000

On October 9, 2002 08:23 pm, Dave Thornburgh wrote:

John -

Thanks for the file.  In the extracted folder I've got (the NT version),
there is absolutely NO documentation.

Everyone else:

While John did get me the M to RTF, it is extremely sparse, and doesn't
begin to address the interaction of flexresp with stealth sniffing.  Is
anybody out there using it yet?  Or, from another angle, does anybody know
if it's possible to transmit packets from an interface that has no IP
address assigned?


Interesting question. If you are using a tap it's not possible AFAIK
Prolbably depends on specific investigation of the "stealth" tap tho.

Check the FAQ. Download the source tarball with docs.

cheers,
--dr

-- 
dr () kyx net   pgp: http://dragos.com/kyxpgp
Advance CanSecWest/03 registration available: http://cansecwest.com
"The question of whether computers can think is like the question
  of whether submarines can swim." --Edsger Wybe Dijkstra 1930-2002



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Newbie questions, Snort on NT, stealth mode vs react/flexresp Dave Thornburgh (Oct 09)
- <Possible follow-ups>
- Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp Dave Thornburgh (Oct 09)
  - Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp Dragos Ruiu (Oct 09)
    - Re: Newbie questions, Snort on NT, stealth mode vs react/flexresp Frank Knobbe (Oct 09)