Snort mailing list archives
Methodology Verification
From: "John Cherbini" <cherbini () dakotacom net>
Date: Tue, 14 Jan 2003 19:40:20 -0700
Hello everyone...

I just set up a couple of machines using the *excellent* documentation at: http://www.superhac.com/snort/

I have the web server and snort running on one machine, logging to another machine running the mysql stuff. I'm using both snortcenter and ACID. Everything except the PHPLOT is working very well.

My question is this: I'm setting up a testing network that does not have a firewall. I basically want a snort machine with the external net on one side, and the victim on the other side. I really just want to be able to see the attacks that take place on the victim. Currently, the external interface on the snort box is getting a DHCP address. I want the snort box to basically be invisible. I understand that this can happen in a number of ways.

Am I looking at doing NAT to an internal subnet (the victim)? Using IPTables, etc.?

Can I make snort transparent enough so that the victim machine will be able to pull its own DHCP address on the external subnet? (a la hogwash?)

Does the snort-inline do what I'm looking for? It seems to be the same thing as hogwash, is this correct? The only real information I can find on inline is the recently released toolkit for the honeynet project.

I basically have a logical gap in reasoning here. Can anyone point me to a doc that will clear this up? Have any suggestions on how to make the snort box relatively transparent?

Thanks for any tips!!

John Cherbini