Snort mailing list archives

RE: Promiscuous Mode

From: "pfeito" <pfeito () netcabo pt>
Date: Sun, 21 Mar 2004 23:27:51 -0000

Thanks!

Another thing please: How can I configure the snorts Ethernet interface to
start in promiscuous mode, or at least, to start with no defined IP address.


Right know, the TCP/IP settings on that interface are set to obtain IP via
DHCP, which it cant, because there isnt a DHCP server on that network
segment, but I'd like to change this, for security reasons. How can I do it
?

-pfeito

-----Original Message-----
From: Paul Schmehl [mailto:pauls () utdallas edu]
Sent: domingo, 21 de Março de 2004 4:40
To: pfeito; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Promiscuous Mode

--On Sunday, March 21, 2004 2:08 AM +0000 pfeito <pfeito () netcabo pt>
wrote:

Hi,

I've just installed snort on fedora core 1 with MySQL and ACID.

Everything

is looking cool. I've set the IDS box outside the firewall using an HUB.

Something is bothering me though... if I do "ifconfig -a" my interface,
(which as no IP or mask set) does not show the keyword PREMISC, but

doing

tail /var/log/messages, I can see a message like "... kernel: eth0:
Setting promiscuous mode.". A quick look to ACID's data tells me that

the

interface is in fact in promiscuous mode, but shouldn't this be figured
in "ifconfig -a" ?


No.  If you look in the networking docs in /usr/share you'll see that
promisc is deprecated.  If you bring up an interface without an IP, it's
in
promiscuous mode.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu





-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Exhausted - SNORT not logging to MySQL database Your Name (Mar 20)
- Re: Exhausted - SNORT not logging to MySQL database Paul Schmehl (Mar 20)
- RE: Exhausted - SNORT not logging to MySQL database Michael Steele (Mar 20)
  - Promiscuous Mode pfeito (Mar 20)
    - Re: Promiscuous Mode Paul Schmehl (Mar 20)
    - RE: Promiscuous Mode pfeito (Mar 21)
    - RE: Promiscuous Mode Paul Schmehl (Mar 21)
    - HOME_NET var on snort.conf pfeito (Mar 21)
    - Re: HOME_NET var on snort.conf Paul Schmehl (Mar 21)
    - Re: HOME_NET var on snort.conf neil (Mar 22)
    - RE: HOME_NET var on snort.conf pfeito (Mar 22)
    - RE: HOME_NET var on snort.conf pfeito (Mar 22)
    - RE: HOME_NET var on snort.conf Michael Boman (Mar 22)
    - RE: HOME_NET var on snort.conf pfeito (Mar 25)
- RE: Exhausted - SNORT not logging to MySQL database Mark E. Donaldson (Mar 20)