Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Attack on snort running in Public Zone

From: "Geoff Craig" <GCraig () quilogy com>
Date: Fri, 14 Nov 2003 21:52:15 -0600
Hello,
 
When running Snort on a Windows 2000 machine one thing you should always do is unbind EVERYTHING from the interface 
that Snort is running on.  This is the equivalent of running Snort in stealth mode.  Snort will still be able to view 
and log the traffic.  You will need to either view all of the log data locally or use a second interface hopefully on a 
completely VLAN'd subnet to send data to a centralized point or for remote viewing of logs with ACID, etc.
 
Hope that helps,
 
Geoff Craig
Infrastructure Architect/Engineer
Quilogy - The Art & Science of Business
Atomic Security: Security for the real world


-------------------------------------------------------
This SF. Net email is sponsored by: GoToMyPC
GoToMyPC is the fast, easy and secure way to access your computer from
any Web browser or wireless device. Click here to Try it Free!
https://www.gotomypc.com/tr/OSDN/AW/Q4_2003/t/g22lp?Target=mm/g22lp.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: