Re: Snort.conf & stealth mode

[Erek Adams <erek () snort org>]

On Fri, 23 May 2003, francesco wrote:

> My question is slightly different:
> - Is it required any special setting of the VAR interface address (for a
> stealth mode card) or just run it the way it is?

I'm assuming you mean the value of HOME_NET.  :)

HOME_NET should be set to the value of the network that you are watching.

> -BTW is it necessary to specify the promisc option for the ifconfig
> activation command?

No.  Not unless you're using a Linux 2.4.?? (I can't recall)...  Promisc
mode is a flag in that kernel.  Once you turn it set the bit, the next
time you set that bit, it's turned off.

> I am confused, as there is very little about that (also the FAQ 3.1 & 3.29
> goes straight through this but the snort.conf file is not mentioned at all).

The info in snort.conf usally only has info that pertains to operation of
Snort.  Setting the interface to promisc is something that deals with the
Network/OS.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: ObjectStore.
If flattening out C++ or Java code to make your application fit in a
relational database is painful, don't do it! Check out ObjectStore.
Now part of Progress Software. http://www.objectstore.net/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users