Snort mailing list archives
Re: Methodology Verification
From: Erek Adams <erek () snort org>
Date: Wed, 15 Jan 2003 09:04:52 -0500 (EST)
On Tue, 14 Jan 2003, John Cherbini wrote: [...snip...]
> I'm setting up a testing network that does not have a firewall. I basically want a snort machine with the external net on one side, and the victim on the other side. I really just want to be able to see the attacks that take place on the victim.
Well... Easy enough. Simply plug everything into a cheap hub. One interface on the Snort box would see everything on the entire hub. [...snip...]
> I want the snort box to basically be invisible. I understand that this can happen in a number of ways..
IP-less Interface [0], an R/O cable [1], an ethernet Tap [2], or a bridge. [...snip...]
> Can I make snort transparent enough so that the victim machine will be able to pull its own DHCP address on the external subnet? (a la hogwash?)
I'd not bother with DHCP. If you are creating a test setup, simply use RFC1918 addresses and be done with it. Since you want to run a 'stealth' sensor, you really don't even need an IP. [...snip...]
> I basically have a logical gap in reasoning here. Can anyone point me to a doc that will clear this up? Have any suggestions on how to make the snort box relatively transparent?
*shrug* There's not really one document to point you to. There are a number of documents! :) Have a look at the docs [3] on snort.org. They will give you some pointers. If that's not exactly what you are looking for, try Google.
Cheers!
-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
[0] http://www.snort.org/docs/faq.html#3.1
[1] http://www.theadamsfamily.net/~erek/snort/
[2] http://www.netoptics.com/net-96135.html
[3] http://www.snort.org/docs/
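A check for the "IP-less interface" option mentioned in the reply above, as an added example that is not part of the original post or of Snort: it reads `ip -o link` / `ip -o addr` output and reports anything that would make the sensor interface answer on the wire. It assumes Linux with iproute2; the interface name `eth1` and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sensor interface for anything that makes it visible.
# Assumes Linux with iproute2; "eth1" is a hypothetical sensor interface name.
# Live use:
#   { ip -o link show dev eth1; ip -o addr show dev eth1; } | audit_stealth

audit_stealth() {
    awk '
        # Link line: "3: eth1: <FLAG,FLAG,...> mtu 1500 ..."
        $3 ~ /^<.*>$/ {
            dev = $2; sub(/:$/, "", dev)
            flags = "," substr($3, 2, length($3) - 2) ","
            # With no address the kernel has nothing to answer ARP for;
            # NOARP is checked as an extra safeguard.
            if (flags !~ /,NOARP,/) {
                print "arp-enabled (fix: ip link set dev " dev " arp off)"
                bad++
            }
            next
        }
        # Address lines: "3: eth1    inet 192.168.1.5/24 ..."
        $3 == "inet" {
            print "ipv4-address " $4 " (fix: ip addr flush dev " $2 ")"
            bad++
        }
        # A link-local IPv6 address is auto-assigned when the link comes up,
        # so an interface with no IPv4 address can still have one of these.
        $3 == "inet6" {
            print "ipv6-address " $4 " (fix: sysctl -w net.ipv6.conf." $2 ".disable_ipv6=1)"
            bad++
        }
        END { exit (bad > 0 ? 1 : 0) }
    '
}

# Constructed sample input (not captured from a real host).
SAMPLE_LEAKY='3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
3: eth1    inet 192.168.1.5/24 brd 192.168.1.255 scope global eth1
3: eth1    inet6 fe80::211:22ff:fe33:4455/64 scope link'
SAMPLE_STEALTH='3: eth1: <BROADCAST,MULTICAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000'

printf '%s\n' "$SAMPLE_LEAKY" | audit_stealth || echo "eth1: visible on the wire"
printf '%s\n' "$SAMPLE_STEALTH" | audit_stealth && echo "eth1: no addresses, ARP off"
```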