Snort mailing list archives

RE: Methodology Verification


From: "John Cherbini" <cherbini () dakotacom net>
Date: Wed, 15 Jan 2003 08:30:44 -0700

This is exactly what I was looking for.

On Tue, 14 Jan 2003, John Cherbini wrote:

[...snip...]

I'm setting up a testing network that does not have a firewall.  I
basically want a snort machine with the external net on one side, and
the victim on the other side.  I really just want to be able to see
the attacks that take place on the victim.

Well...  Easy enough.  Simply plug everything into a cheap hub.  One
interface on the Snort box would see everything on the entire hub.

I figure that by using a hub and a R/O cable, I should be in the
situation I'm looking for.  (for now)  I'm thinking that I'll hook a
second NIC up to the "trusted" network, so I'll be able to manage it
remotely, and leave the R/O interface, hub, etc.....outside the
firewall.

I want the snort box to basically be invisible.  I understand that 
this can happen in a number of ways..

IP-less Interface [0], an R/O cable [1], an Ethernet tap [2], or a bridge.

This is the gap that I was missing.

Thanks very much Erek!

John C.


