Re: does snort detect !

[Matt Kettler <mkettler () evi-inc com>]

At 07:14 AM 11/14/2003, Rahul wrote:
> Does snort detect intrusion of other machine(i.e X machine which is try to
> attack by someone) that belong to same network where snort runs. if so how
> to test the same.
> Any help would be greatly appriciated.

Snort monitors the network in promiscuous mode.. anything that comes by 
it's ethernet port, wether addressed to the snort box or not, will be 
analyzed. However, if you're using ethernet switches, the very nature of a 
switch will prevent the snort box from seeing traffic to other machines 
unless you configure a mirror port, or add a tap somewhere.

In general the snort rules are set up to monitor for attacks coming from 
any machine in EXTERNAL_NET going to any machine in HOME_NET. For debugging 
purposes setting both of these to "any" is a good starting point..

So, provided your connection is right, and your variables are set right, 
snort should monitor for attacks on other machines in your network.




-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users