Snort mailing list archives
RE: Promiscuous Mode
From: "pfeito" <pfeito () netcabo pt>
Date: Sun, 21 Mar 2004 23:27:51 -0000
Thanks! Another thing please: How can I configure the snorts Ethernet interface to start in promiscuous mode, or at least, to start with no defined IP address. Right know, the TCP/IP settings on that interface are set to obtain IP via DHCP, which it cant, because there isnt a DHCP server on that network segment, but I'd like to change this, for security reasons. How can I do it ? -pfeito
-----Original Message----- From: Paul Schmehl [mailto:pauls () utdallas edu] Sent: domingo, 21 de Março de 2004 4:40 To: pfeito; snort-users () lists sourceforge net Subject: Re: [Snort-users] Promiscuous Mode --On Sunday, March 21, 2004 2:08 AM +0000 pfeito <pfeito () netcabo pt> wrote:Hi, I've just installed snort on fedora core 1 with MySQL and ACID.Everythingis looking cool. I've set the IDS box outside the firewall using an HUB. Something is bothering me though... if I do "ifconfig -a" my interface, (which as no IP or mask set) does not show the keyword PREMISC, butdoingtail /var/log/messages, I can see a message like "... kernel: eth0: Setting promiscuous mode.". A quick look to ACID's data tells me thattheinterface is in fact in promiscuous mode, but shouldn't this be figured in "ifconfig -a" ?No. If you look in the networking docs in /usr/share you'll see that promisc is deprecated. If you bring up an interface without an IP, it's in promiscuous mode. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Exhausted - SNORT not logging to MySQL database Your Name (Mar 20)
- Re: Exhausted - SNORT not logging to MySQL database Paul Schmehl (Mar 20)
- RE: Exhausted - SNORT not logging to MySQL database Michael Steele (Mar 20)
- Promiscuous Mode pfeito (Mar 20)
- Re: Promiscuous Mode Paul Schmehl (Mar 20)
- RE: Promiscuous Mode pfeito (Mar 21)
- RE: Promiscuous Mode Paul Schmehl (Mar 21)
- HOME_NET var on snort.conf pfeito (Mar 21)
- Re: HOME_NET var on snort.conf Paul Schmehl (Mar 21)
- Re: HOME_NET var on snort.conf neil (Mar 22)
- RE: HOME_NET var on snort.conf pfeito (Mar 22)
- RE: HOME_NET var on snort.conf pfeito (Mar 22)
- RE: HOME_NET var on snort.conf Michael Boman (Mar 22)
- RE: HOME_NET var on snort.conf pfeito (Mar 25)
- Promiscuous Mode pfeito (Mar 20)