Snort mailing list archives
Re: Snort "invisible"
From: Dan Ferris <dferris () maad com>
Date: Wed, 03 Sep 2003 10:13:47 -0600
Don't assign an IP address to the interfaces Snort listens on. Be careful with Snortsam, because you can hurt yourself with it. Daniel Hondo Tedesque wrote:
Hello My name and Daniel, I am implanting the Snort tool (RedHat 9,0) in the company where work, and I structuralized the security of the following form: Will be 3 sensors spread in internal, external net and DMZ, each sensor have two interfaces where the interface eth0 will be responsible for the listening of the net and the interface eth1 responsavel for the exchange of information between the sensors, being, two distinct nets of form that the sensors are "invisible" the net of the company. The external sensor will receive the packages before firewall from form that in case that some activity registers suspicion, immediately creates a rule in firewall to block the suspicious IP (SnortSam). It would like to know if ha one forms to modify stack TCP of form that the interfaces eth0 are inhibited of possible attacks or that they only listen to the net, being registered for none another one does not scheme. Thanks, Daniel Hondo - UNOESTE - Brasil. ------------------------------------------------- UNOESTE - Universidade do Oeste Paulista FIPP - Faculdade de Informática de Pres. Prudente ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort "invisible" Daniel Hondo Tedesque (Sep 03)
- Re: Snort "invisible" Dan Ferris (Sep 03)
- Re: Snort "invisible" Ricardo Pires (Sep 04)
- Re: Snort "invisible" Dan Ferris (Sep 04)
- Re: Snort "invisible" Ricardo Pires (Sep 04)
- <Possible follow-ups>
- RE: Snort "invisible" SecurityAdmin (Sep 08)
- Re: Snort "invisible" Dan Ferris (Sep 03)