Snort mailing list archives

Stealth sniffing and bridging networks


From: "Watson, Ed" <EWatson () lightspan com>
Date: Tue, 28 Oct 2003 08:58:40 -0800

Hello Everyone,
        I'd like to pose this question with accompanying details.

I have:

RH7.2 / 2.4.20-20.7smp
3 NICs (1 built-in / 1 dual port)
Snort 2.0.2 / ACID / MySQL

The built-in NIC has an internal IP.
The Dual port, neither NIC has an IP (Stealth Mode) listening in promisc.

                        Built-in NIC ---- internal IP / internal switch

                        Dual Port ---- DMZ / NO-IP(Stealth/promisc)
                                    \---- Internal switch / NO-IP(Stealth/promisc)
                  

I'd like to manage the snort box from internal IP console but stealthily
sniff the DMZ (Cisco 3548/ using 'port monitor') and traffic flowing in/out
of the main LAN at the firewall (Cisco 6006/using 'span' disallowing regular
traffic to that port). 

I'd like to make this work without "bridging" the networks or reducing the
risk to an acceptable level? I've tested the read-only cable but read some
stories about switches having problems dealing with them. Is it possible to do
this with minimal risk?

Thanks all,

Ed

