Snort mailing list archives
Re: Snort "invisible"
From: "Ricardo Pires" <pires-ricardo () uol com br>
Date: Thu, 4 Sep 2003 13:03:35 -0300
I think you have two choices. The first one is to do not assign an IP address to the interface, as Dan Ferris told you. Another way, which one I do, is to assign a completly different IP to that interface. Lets suppose your network has a C class 192.168.1 You can use an IP address outside this class, with no route to that IP, like 1.1.1.2 Ricardo Pires ----- Original Message ----- From: "Dan Ferris" <dferris () maad com> To: <snort-users () lists sourceforge net> Sent: Wednesday, September 03, 2003 1:13 PM Subject: Re: [Snort-users] Snort "invisible" Don't assign an IP address to the interfaces Snort listens on. Be careful with Snortsam, because you can hurt yourself with it. Daniel Hondo Tedesque wrote:
Hello My name and Daniel, I am implanting the Snort tool (RedHat 9,0) in the
company
where work, and I structuralized the security of the following form: Will
be 3
sensors spread in internal, external net and DMZ, each sensor have two interfaces where the interface eth0 will be responsible for the listening
of the
net and the interface eth1 responsavel for the exchange of information
between
the sensors, being, two distinct nets of form that the sensors are
"invisible"
the net of the company. The external sensor will receive the packages
before
firewall from form that in case that some activity registers suspicion, immediately creates a rule in firewall to block the suspicious IP
(SnortSam). It
would like to know if ha one forms to modify stack TCP of form that the interfaces eth0 are inhibited of possible attacks or that they only listen
to
the net, being registered for none another one does not scheme. Thanks, Daniel Hondo - UNOESTE - Brasil. ------------------------------------------------- UNOESTE - Universidade do Oeste Paulista FIPP - Faculdade de Informática de Pres. Prudente ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort "invisible" Daniel Hondo Tedesque (Sep 03)
- Re: Snort "invisible" Dan Ferris (Sep 03)
- Re: Snort "invisible" Ricardo Pires (Sep 04)
- Re: Snort "invisible" Dan Ferris (Sep 04)
- Re: Snort "invisible" Ricardo Pires (Sep 04)
- <Possible follow-ups>
- RE: Snort "invisible" SecurityAdmin (Sep 08)
- Re: Snort "invisible" Dan Ferris (Sep 03)