Snort mailing list archives
RE: Methodology Verification
From: "John Cherbini" <cherbini () dakotacom net>
Date: Wed, 15 Jan 2003 08:30:44 -0700
This is exactly what I was looking for.
On Tue, 14 Jan 2003, John Cherbini wrote: [...snip...]I'm setting up a testing network that does not have a firewall. I basically want a snort machine with the external net on oneside, andthe victim on the other side. I really just want to be able to see the attacks that take place on the victim.Well... Easy enough. Simply plug everything into a cheap hub. One interface on the Snort box would see everthing on the entire hub.
I figure that by using a hub and a R/O cable, I should be in the situation I'm looking for. (for now) I'm thinking that I'll hook a second NIC up to the "trusted" network, so I'll be able to manage it remotely, and leave the R/O interface, hub, etc.....outside the firewall.
I want the snort box to basically be invisible. I understand that this can happen in a number of ways..IP-less Interface [0], a R/O cable [1], a ethernet Tap [2], or a bridge.
This is the gap that I was missing. Thanks very much Erek! John C. ------------------------------------------------------- This SF.NET email is sponsored by: Take your first step towards giving your online business a competitive advantage. Test-drive a Thawte SSL certificate - our easy online guide will show you how. Click here to get started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Methodology Verification John Cherbini (Jan 14)
- Re: Methodology Verification seclists (Jan 15)
- Re: Methodology Verification Erek Adams (Jan 15)
- RE: Methodology Verification John Cherbini (Jan 15)
- <Possible follow-ups>
- RE: Methodology Verification John Cherbini (Jan 14)