Snort mailing list archives
Stealth sniffing and and bridging networks
From: "Watson, Ed" <EWatson () lightspan com>
Date: Tue, 28 Oct 2003 08:58:40 -0800
Hello Everyone, I'd like to pose this question with accompanying details. I have: RH7.2 / 2.4.20-20.7smp 3 Nic's (1 built-in / 1 dual port) Snort 2.0.2 /ACID/Mysql The built-in nic has and internal IP. The Dual port, neither nic has an IP (Stealth Mode) listening in promisc. Built-in NIC ---- internal IP / internal switch Dual Port ---- DMZ / NO-IP(Stealth/promisc) \---- Internal switch / NO-IP(Stealth/promisc) I'd like to manage the snort box from internal IP console but stealthfully sniff the DMZ (Cisco 3548/ using 'port monitor') and traffic flowing in/out of the main LAN at the firewall (Cisco 6006/using 'span' disallowing regular traffic to that port). I'd like to make this work without "bridging" the networks or reducing the risk to an acceptable level? I've tested the read-only cable but read some stories about switches having problems dealing them. Is it possible to do this with minimal risk? Thanks all, Ed ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Stealth sniffing and and bridging networks Watson, Ed (Oct 28)
- <Possible follow-ups>
- Stealth sniffing and and bridging networks Marc Quibell (Oct 28)