Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort will not detect anything on stealth interface unless I assign IP

From: Matt Kettler <mkettler () evi-inc com>
Date: Sat, 17 Jul 2004 15:53:06 -0400
At 03:10 PM 7/17/2004, Rhugga wrote:
I have attached 1 interface of from ISD box a hub containing our border router and our 2 firewalls. I bring the interface up with no IP address and snort will not start due to $eth1_ADDRESS being null. 

What are you using $eth1_address for? your HOME_NET?
if you set the eth1 interface to an invalid dummy address, and then try to use that dummy address for HOME_NET, of course no rules will match, because none of the traffic on your wire is in HOME_NET.
Edit your snort.conf to not use the interface address macros when doing stealth interfaces. 



-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: